Public Bill Committee

[Mr Gary Streeter in the Chair]

Colleagues and members of the public, welcome to our second evidence session on the Digital Economy Bill. Before we get under way and introduce our first set of witnesses, a number of colleagues wish to declare an interest.

Drew Hendry: I do not have any direct interests, but for full transparency I draw the Committee’s attention to my share ownership in Teclan Ltd, which is in the Register of Members’ Financial Interests.

Nigel Huddleston: Again for full transparency, prior to becoming an MP I worked for Google, in which I have a small share interest at the moment.

Nigel Adams: As I stated in the earlier session, I am a director and shareholder of two telecommunications businesses, and I believe my wife is also a director and shareholder.

Examination of Witnesses

David Austin and Alan Wardle gave evidence.

Q 83 For this session we have until 2.45 pm. Will the witnesses please introduce themselves for the record?

David Austin: My name is David Austin. I am the chief executive of the British Board of Film Classification.

Alan Wardle: I am Alan Wardle, head of policy and public affairs at the National Society for the Prevention of Cruelty to Children.

Louise Haigh: David, am I right in interpreting the amendments that the Government tabled last night as meaning that you are intended to be the age verification regulatorQ ?

David Austin: That is correct. We reached heads of agreement with the Government last week to take on stages 1 to 3 of the regulation.

Louise Haigh: Q  Are you sufficiently resourced to take on that role?

David Austin: We will be, yes. We have plenty of time to gear up, and we will have sufficient resource.

Louise Haigh: Q  Will it involve a levy on the porn industry?

David Austin: It will involve the Government paying us the money to do the job on our usual not-for-profit basis.

Louise Haigh: Q  What risks do you envisage in people handing over their personal data to the pornographic industry?

David Austin: Privacy is one of the most important things to get right in relation to this regime. As a regulator, we are not interested in identity at all. The only thing that we are interested in is age, and the only thing that a porn website should be interested in is age. The simple question that should be returned to the pornographic website or app is, “Is this person 18 or over?” The answer should be either yes or no. No other personal details are necessary.
We should bear in mind that this is not a new system. Age verification already exists, and we have experience of it in our work with the mobile network operators, where it works quite effectively—you can age verify your mobile phone, for example. It is also worth bearing in mind that an entire industry is developing around improving age verification. Research conducted by a UK adult company in relation to age verification on their online content shows that the public is becoming much more accepting of age verification.
Back in July 2015, for example, this company found that more than 50% of users were deterred when they were asked to age verify. As of September, so just a few weeks ago, that figure had gone down to 2.3%. It is established technology, it is getting better and people are getting used to it, but you are absolutely right that privacy is paramount.

Louise Haigh: Q  Are you suggesting that it will literally just be a question—“Is the user aged 18?”—and their ticking a box to say yes or no? How else could you disaggregate identity from age verification?

David Austin: There are a number of third-party organisations. I have experience with mobile phones. When you take out a mobile phone contract, the adult filters are automatically turned on and the BBFC’s role is to regulate what content goes in front of or behind the adult filters. If you want to access adult content—and it is not just pornography; it could be depictions of self-harm or the promotion of other things that are inappropriate for children—you can go to your operator, such as EE, O2 or Vodafone, with proof that you are  18 or over. It is then on the record that that phone is age verified. That phone can then be used in other contexts to access content.

Louise Haigh: Q  But how can that be disaggregated from identity? That person’s personal data is associated with that phone and is still going to be part of the contract.

David Austin: It is known by the mobile network operator, but beyond that it does not need to be known at all.

Louise Haigh: Q  And is that the only form of age verification that you have so far looked into?

David Austin: The only form of age verification that we, as the BBFC, have experience of is age verification on mobile phones, but there are other methods and there are new methods coming on line. The Digital Policy Alliance, which I believe had a meeting here yesterday to demonstrate new types of age verification, is working on a number of initiatives.

Claire Perry: May I say what great comfort it is to know that the BBFC will be involved in the regulatory role? It suggests that this will move in the right direction. We all feel very strongly that the Bill is a brilliant step in the right direction: things that were considered inconceivable four or five years ago can now be debated and legislated for.Q
The fundamental question for me comes down to enforcement. We know that it is difficult to enforce anything against offshore content providers; that is why in the original campaign we went for internet service providers that were British companies, for whom enforcement could work. What reassurance can you give us that enforcement, if you have the role of enforcement, could be carried out against foreign entities? Would it not be more appropriate to have a mandatory take-down regime if we found that a company was breaking British law by not asking for age verification, as defined in the Bill?

David Austin: The BBFC heads of agreement with the Government does not cover enforcement. We made clear that we would not be prepared to enforce the legislation in clauses 20 and 21 as they currently stand. Our role is focused much more on notification; we think we can use the notification process and get some quite significant results.
We would notify any commercially-operated pornographic website or app if we found them acting in contravention of the law and ask them to comply. We believe that some will and some, probably, will not, so as a second backstop we would then be able to contact and notify payment providers and ancillary service providers and request that they withdraw services from those pornographic websites. So it is a two-tier process.
We have indications from some major players in the adult industry that they want to comply—PornHub, for instance, is on record on the BBC News as having said that it is prepared to comply. But you are quite right that there will still be gaps in the regime, I imagine, after we have been through the notification process, no matter how much we can achieve that way, so the power to fine is essentially the only real power the regulator will have, whoever the regulator is for stage 4.
For UK-based websites and apps, that is fine, but it would be extremely challenging for any UK regulator to pursue foreign-based websites or apps through a foreign jurisdiction to uphold a UK law. So we suggested, in our submission of evidence to the consultation back  in the spring, that ISP blocking ought to be part of the regulator’s arsenal. We think that that would be effective.

Claire Perry: Q  Am I right in thinking that, for sites that are providing illegally copyrighted material, there is currently a take-down and blocking regime that does operate in the UK, regardless of their jurisdiction?

David Austin: Yes; ISPs do block website content that is pirated. There was research published earlier this year in the US that found that it drove traffic to pirated   websites down by about 90%. Another tool that has been used in relation to IP protection is de-indexing, whereby a search engine removes the infringing website from any search results. We also see that as a potential way forward.

Thangam Debbonaire: First, can I verify that you both support adding in the power to require ISPs to block non-compliant sitesQ ?

David Austin: Yes.

Alan Wardle: Yes, we support that.

Thangam Debbonaire: Q  Good. That was quick. I just wanted to make sure that was there. What are your comments on widening the scope, so that age verification could be enforced for matters other than pornography, such as violent films or other content that we would not allow in the offline world? I am talking about things such as pro-anorexia websites. We know that this is possible to do in certain formats, because it is done for other things, such as copyright infringement. What are your views on widening the scope and the sanctions applying to that?

Alan Wardle: We would support that. We think the Bill is a really great step forward, although some things, such as enforcement, need to be strengthened. We think this is an opportunity to see how you can give children parity of protection in the online and the offline worlds.
It is very good, from our perspective, that the BBFC is doing this, because they have got that expertise. Pornography is not the only form of harm that children see online. We know from our research at the NSPCC that there are things like graphic violence. You mentioned some of the pro-anorexia and pro-suicide sites, and they are the kind of things that ought to be dealt with. We are supporting developing a code of practice with industry to work out what those harms are—and that is very much a staged approach.
We take it for granted that when, for instance, a child goes to a youth group or something like that, we make sure there are protections there, and that the staff are CRB checked. Somehow it seems that for children going on to the internet it is a bit like the wild west. There are very few protections. Some of the content really is upsetting and distressing to children. This is not about adults being blocked from seeing adult content. That is absolutely fine; we have no problem with that at all. But it is about protecting children from seeing content that is inappropriate for them. We would certainly support that widening, but obviously doing it in a staged way so that the regulator does not take on too much at once. We would certainly support that.

David Austin: I would echo what Alan says. We see this Bill as a significant step forward in terms of child protection. We absolutely agree with the principle of protecting children from a wider range of content—indeed, that is what we do in other areas: for example, with the mobile network operators and their adult filters. Like Alan, I think we see it in terms of more of a staged approach. The BBFC taking on this role is a significant new area of work—quite a challenge to take on board. I think there is a potential risk of overloading the Bill if we try to put too much on it, so I would very much support the NSPCC’s phased approach.

Thangam Debbonaire: Q  Is there anything further that you think needs to be added to the Bill to make the sanctions regime work? I am also thinking—at the risk of going against what you just said, Mr Austin—about whether or not we should be considering sites that are not designed for commercial purposes but where pornography or other harmful material is available on a non-commercial basis; or things not designed for porn at all, such as Twitter timelines or Tumblr and other social media, where the main purpose may not be pornography or other harmful material, but it is available. Do you think the Bill has enough sanctions in it to cope with all of that, or should that be added? Is there anything else you would like to add?

David Austin: There were a few questions. I will try to answer them all, but if I miss any of them please come back to me. In terms of sanctions, I have talked about ISP blocking and de-indexing. We think those could be potentially effective steps. In terms of commercial pornography, we have been working on devising a test of what that is. The Bill states explicitly that the pornography could be free and still provided on a commercial basis. I do not think it is narrowing the scope of the regulation an awful lot by specifying commercial pornography. If there are adverts, if the owner is a corporate entity,  if there are other aspects—if the site is exploiting data, for example: there are all sorts of indications that a site is operating on a commercial basis. So I do not see that as a real problem.
In relation to Twitter, which you mentioned, what the Bill says the regulator should do is define what it sees as ancillary service providers. Those are organisations whose work facilitates and enables the pornography to be distributed. There is certainly a case to argue that social media such as Twitter are ancillary service providers. There are Twitter account holders who provide pornography on Twitter so I think you could definitely argue that.
I would argue that Twitter is an ancillary service provider, as are search engines and ISPs. One of the things that we plan to do in the next weeks and months would be to engage with everyone that we think is an ancillary service provider, and see what we can achieve together, to try and achieve the maximum protection we can through the notification regime that we are taking on as part 3 of the Bill.

Just before we move on, shall we see if Mr Wardle also wants to contribute to things that should be in the Bill?

Alan Wardle: On that point, I think it is important for us that there is clarification—and I would agree with David about this—in terms of ensuring that sites that may for instance be commercial but that are not profiting from pornography are covered. Again, Twitter is an example. We know that there are porn stars with Twitter accounts who have lots of people following them and lots of content, so it is important that that is covered.
It is important that the legislation is future-proofed. We are seeing at the NSPCC through Childline that sexual content or pornography are increasingly live-streamed through social media sites, and there is self-generated content, too. It is important that that is covered, as well as the traditional—what you might call commercial—porn. We know from our research at the NSPCC that children often stumble across pornography, or it is sent to them. We think that streamed feeds for over-18s and under-18s  should be possible so that sort of content is not available to children. It can still be there for adults, but not for children.

Nigel Adams: Q  Can you give us your perspective on the scale of the problem of under-18s’ access to this sort of inappropriate content? I guess it is difficult to do a study into it but, through the schools network and education departments, do you have any idea of the scale of the issue?

Alan Wardle: We did research earlier this year with the University of Middlesex into this issue. We asked young people—under 18s—whether they had seen pornography and when. Between the ages of 11 and 18, about half of them had seen pornography. Obviously, when you get to older children—16 and 17-year-old-boys in particular—it was much higher. Some 90% of those 11 to 18-year-olds had seen it by the age of 14. It was striking—I had not expected this—that, of the children who had seen it, about half had searched for it but the other half had stumbled across it through pop-ups or by being sent stuff on social media that they did not want to see.
It is a prevalent problem. If a determined 17-year-old boy wants to see pornography, undoubtedly he will find a way of doing it, but of particular concern to us is when you have got eight, nine or 10-year-old children stumbling across this stuff and being sent things that they find distressing. Through Childline, we are getting an increasing number of calls from children who have seen pornographic content that has upset them.

Nigel Adams: Q  Has there been any follow-on, in terms of assaults perpetrated by youngsters as a result of being exposed to this?

Alan Wardle: It is interesting to note that there has been an exponential rise in the number of reports of sexual assaults against children in the past three or four years. I think it has gone up by about 84% in the past three years.

Nigel Adams: Q  By children?

Alan Wardle: Against children. Part of that, we think, is what you might call the Savile effect—since the Savile scandal there has been a much greater awareness of child abuse and children are more likely to come forward, which we think is a good thing. But Chief Constable Simon Bailey, who is the national lead on child protection, believes that a significant proportion of that is due to the internet. Predators are able to cast their net very widely through social networking sites and gaming sites, fishing for vulnerable children to groom and abuse.
We believe that, in developing the code of practice that I talked about earlier, that sort thing needs to be built in to ensure that children are protected from that sort of behaviour in such spaces. The internet is a great thing but, as with everything, it can be used for darker purposes. We think there is increasing evidence—Simon Bailey has said this, and more research needs to be done into the scale of it—that children, as well as seeing adult content, are increasingly being groomed for sex online.

Nigel Adams: Q  Mr Austin, what constructive conversations and meetings have you had with ISPs thus far, in terms of the potential for blocking those sites—especially the sites generated abroad?

David Austin: We have not had any conversations yet, because we signed the exchange of letters with the Government only last Thursday and it was made public only today that we are taking on this role. We have relationships with ISPs—particularly the mobile network operators, with which we have been working for a number of years to bring forward child protection on mobile devices.
Our plan is to engage with ISPs, search engines, social media—the range of people we think are ancillary service providers under the Bill—over the next few weeks and months to see what we can achieve together. We will also be talking to the adult industry. As we have been regulating pornography in the offline space and, to an extent, in the online space for a number of years, we have good contacts with the adult industry so we will engage with them.

Many companies in the adult industry are prepared to work with us. Playboy, for instance, works with us on a purely voluntary basis online. There is no law obliging it to work with us, but it wants to ensure that all the pornography it provides is fully legal and compliant with British Board of Film Classification standards, and is provided to adults only. We are already working in this space with a number of players.

Nigel Huddleston: Q  Obviously, the BBFC is very experienced at classifying films according to certain classifications and categories. I am sure it is no easy task, but it is possible to use an objective set of criteria to define what is pornographic or disturbing, or is it subjective? How do you get that balance?

David Austin: The test of whether something is pornographic is a test that we apply every single day, and have done since the 1980s when we first started regulating that content under the Video Recordings Act 1984. The test is whether the primary purpose of the work is to arouse sexually. If it is, it is pornography. We are familiar with that test and use it all the time.

Nigel Huddleston: Q  In terms of skills and resources, are you confident you will be able to get the right people in to do the job properly? I am sure that it is quite a disturbing job in some cases.

David Austin: Yes. We already have people who have been viewing pornographic content for a number of years. We may well need to recruit one or two extra people, but we certainly have the expertise and we are pretty confident that we already have the resources. We have time between now and the measures in the Bill coming into force to ensure that we have a fully effective system up and running.

Matthew Hancock: Q  I just want to put on the record that we are delighted that the BBFC has signed the heads of agreement to regulate this area. I cannot think of a better organisation with the expertise and the experience to make it work. What proportion of viewed material do you think will be readily covered by the proposed mechanism in the Bill that you will be regulating the decision over but not the enforcement of?

David Austin: I am not sure that I understand the question.

Matthew Hancock: Q  I am thinking about the scale of the problem—the number of views by under-18s of material that you deem to be pornographic. What proportion of the problem do you think the Bill, with your work, will fix?

David Austin: So we are talking about the amount of pornography that is online?

Matthew Hancock: Q  And what is accessed.

David Austin: Okay. As you all know, there is masses of pornography online. There are 1.5 million new pornographic URLs coming on stream every year. However, the way in which people access pornography in this country is quite limited. Some 70% of users go to the 50 most popular websites. With children, that percentage is even greater; the data evidence suggests that they focus on a relatively small number of sites.
We would devise a proportionality test and work out what the targets are in order to achieve the greatest possible level of child protection. We would focus on the most popular websites and apps accessed by children—those data do exist. We would have the greatest possible impact by going after those big ones to start with and then moving down the list.

Matthew Hancock: Q  So you would be confident of being able to deal with the vast majority of the problem.

David Austin: Yes. We would be confident in dealing with the sites and apps that most people access. Have I answered the question?

Matthew Hancock: Q  Yes. Given that there is a big problem that is hard to tackle and complicated, I was just trying to get a feel for how much of the problem you think, with your expertise and the Bill, we can fix.

David Austin: We can fix a great deal of the problem. We cannot fix everything. The Bill is not a panacea but it can achieve a great deal, and we believe we can achieve a great deal working as the regulator for stages 1 to 3.

Louise Haigh: Q  My question follows on neatly from that. While I am sure that the regulation will tackle those top 50 sites, it obviously comes nowhere near tackling the problems that Mr Wardle outlined, and the crimes, such as grooming, that can flow from those problems. There was a lot of discussion on Second Reading about peer-to-peer and social media sites that you have called “ancillary”. No regulation in the world is going to stop that. Surely, the most important way to tackle that is compulsory sex education at school.

Alan Wardle: Yes. In terms of online safety, a whole range of things are needed and a whole lot of players. This will help the problem. We would agree and want to work with BBFC about a proportionality test and identifying where the biggest risks are to children, and for that to be developing. That is not the only solution.
Yes, we believe that statutory personal, social and health education and sexual relationships education is an important part of that. Giving parents the skills and understanding of how to keep their children safe is also really important. But there is a role for industry. Any time I have a conversation with an MP or parliamentarian about this and they have a child in their lives—whether  their own, or nieces or nephews—we quickly come to the point that it is a bit of a nightmare. They say, “We try our best to keep our children safe but there is so much, we don’t know who they are speaking to” and all the rest of it.
How do we ensure that when children are online they are as safe as they are when offline? Of course, things happen in the real world as well and no solution is going to be perfect. Just as, in terms of content, we would not let a seven-year-old walk into the multiplex and say, “Here is ‘Finding Nemo’ over here and here is hard core porn—off you go.”
We need to build those protections in online so we know what children are seeing and to whom they speaking and also skilling up children themselves through school and helping parents. But we believe the industry has an important part to play in Government, in terms of regulating and ensuring that spaces where children are online are as safe as they can be.

Chris Matheson: To follow on from the Minister’s question, you feel you are able to tackle roughly the top 50 most visited sites. Is there a danger that you then replace those with the next top 50 that are perhaps less regulated and less co-operative? How might we deal with that particular problem, if it existsQ ?

David Austin: When I said “the top 50”, I was talking in terms of the statistics showing that 70% of people go to the top 50. We would start with the top 50 and work our way through those, but we would not stop there. We would look to get new data every quarter, for example. As you say, sites will come in and out of popularity. We will keep up to date and focus on those most popular sites for children.
We would also create something that we have, again, done with the mobile operators. We would create an ability for members of the public—a parent, for example—to contact us about a particular website if that is concerning them. If an organisation such as the NSPCC is getting information about a particular website or app that is causing problems in terms of under-age access, we would take a look at that as well. In creating this proportionality test what we must not do is be as explicit as to say that we will look only at the top 50.
First, that is not what we would do. Secondly, we do not want anyone to think, “Okay, we don’t need to worry about the regulator because we are not on their radar screen.” It is very important to keep up to date with what are the most popular sites and, therefore, the most effective in dealing with under-age regulation, dealing with complaints from members of the public and organisations such as the NSPCC.

Alan Wardle: I think that is why the enforcement part is so important as well, so that people know that if they do not put these mechanisms in place there will be fines and enforcement notices, the flow of money will be stopped and, crucially, there is that backstop power to block if they do not operate as we think they should in this country. The enforcement mechanisms are really important to ensure that the BBFC can do their job properly and people are not just slipping from one place to the next.

Claire Perry: Q  Of those top 50 sites, do we know how many are UK-based?

David Austin: I would guess, none of them. I do not know for sure, but that would be my understanding.

Claire Perry: Q  Secondly, I want to turn briefly to the issue of the UK’s video on demand content. My reading around clause 15 suggests that, although foreign-made videos on demand will be captured by the new provisions, UK-based will continue to be caught by Communications Act 2003 provisions. Do you think that is adequate?

David Austin: That is my understanding as well. We work very closely with Ofcom. Ofcom regulates UK on demand programme services as the Authority for Television On Demand, but it applies our standards in doing so. That is a partnership that works pretty effectively and Ofcom has done an effective job in dealing with that type of content. That is one bit that is carved out from the Bill and already dealt with by Ofcom.

Claire Perry: It is already done. Okay. Thank you.

We have given the witnesses a good half-hour grilling, so if no one is seeking to catch my eye—yes, Calum?

Calum Kerr: May I move on to intellectual property?

Fire away, sir.

Calum Kerr: Q  Thank you. There are some welcome measures in the Bill relating to making the protection of intellectual property online as same as it is offline. I note, though, that there is some concern about search engines and how intellectual property would be policed. What is your view on how that will work? Do there need to be additional powers?

David Austin: To be honest, we do not deal with intellectual property. Our core work is the protection of children, and intellectual property is another issue. We do work with an industry for which the protection of intellectual property is very important, but I am afraid I am not the person to ask.

Alan Wardle: I am not an expert on intellectual property, regrettably.

Colleagues, are there any other questions for these excellent witnesses? No. In that case, thank you very much indeed, David and Alan, for your evidence. We appreciate it.

Examination of witnesses

Dr Edgar Whitley and Mr Scott Coates gave evidence.

Q  We have roughly 45 minutes for this group of witnesses, if necessary. Will the witnesses please introduce themselves?

Dr Whitley: My name is Dr Edgar Whitley. I am an academic at the London School of Economics. Of particular importance for this session is the fact that I am the co-chair of the privacy and consumer advisory group of the Government Digital Service.

Scott Coates: Good afternoon. My name is Scott Coates and I am the CEO of the Wireless Infrastructure Group, an independent British wireless infrastructure company that builds and operates communication towers and fibre networks.

Louise Haigh: Q  In your written evidence, Mr Coates, you talked about the need for greater diversity in the ownership of mobile infrastructure. Does the Bill go far enough on that?

Scott Coates: We welcome the measures in the Bill to improve the speed at which infrastructure can be deployed and to improve the economics of deploying the infrastructure. It is critical to understand that there are different ways of deploying infrastructure. There are different ownership models, for which the Bill could have different impacts. When I say “infrastructure”, I mean the kind of mobile and fixed infrastructure that you see in the field, whether that is cables, ducts, cabinets or communication tower facilities.
There are two different types of owners of those types of infrastructure. First, the vertically integrated players are effectively building and operating that infrastructure for their own networks, primarily, and their business case is based on their economic use of that infrastructure. Secondly, you have a growing pool of independent infrastructure companies, of which we are one. We are very different from the traditional, vertically integrated players in that we are investing in infrastructure not for our own network, but to provide access, on a shared basis, to all other networks.

Louise Haigh: Q  What are the current proportions for ownership?

Scott Coates: If I talk about mobile infrastructure, around a third of the UK’s communications towers—of which we think there are around 27,000 in the UK—are independently operated. It is really interesting that, globally, there has been a very firm shift over the past decade towards more independent operation of such upstream digital infrastructure.
Currently, more than 60% of all communication towers globally are held in an entity separate from the networks that use them. In countries such as India or the US, that figure is somewhere between 80% and 90%. There are real benefits that flow from the independent ownership of infrastructure. We are trying to do more in the UK, but the UK currently lags behind in the global statistics I mentioned.

Louise Haigh: Q  Does the Bill do anything to address that?

Scott Coates: One of the things that we acknowledge and welcome in the Bill is that it is very clear about maintaining investment incentives—not just for the vertically integrated players, but for the independent infrastructure players such as ourselves—

Louise Haigh: Q  It will not do anything to address the proportion, will it? It will only entrench the division already there.

Scott Coates: I do not think that the Bill does anything to encourage more independent infrastructure. The Government’s policy position at the moment is very  clear: they want to maintain investment incentives for independent infrastructure. To achieve clarity on this requires that the Bill is worded very carefully.
When we deploy our tariff facilities and infrastructure on or adjacent to land, as things are now one of the definitions of UK land often covers things that sit on that land. One of the potential risks is that if the activities we engage in and the facilities that we deploy are not carefully carved out, they risk being treated as land. Under the new valuations principles in the communications code, that potentially risks giving them no value or low value, which would obviously be devastating to investment appetite. The consequence of that would be further concentration of infrastructure ownership in the hands of the larger, vertically integrated players who have different incentives from us when they approach this.

Louise Haigh: Q  So there is potential for this to get worse, but what could be done to actually encourage more independently owned infrastructure?

Scott Coates: We would like to see a carve-out that is as clear as possible for the activities that we are engaged in. We would like to see it made absolutely clear that the communications code, which is a compulsory purchase tool to bring land into the telecoms sector, does not drift beyond that focus and risk entering into what is really Ofcom’s territory, which is to govern the relationships between telecoms companies.

Louise Haigh: Dr Whitley, if I may jump to part 5 of the Bill, we heard earlier that there were concerns that the Government have not taken sufficiently into account safeguards around privacy and personal data. Do you think that this strikes the right balance between open policy-making and privacy?Q

Dr Whitley: My main concern with part 5 is that the detail is just not there. The codes of practice that one would expect to have there, which would give the details about how privacy might be protected, are not present. We have been involved with the privacy and consumer advisory group. As far as I can tell, we had our first meeting with the team who were developing these proposals back in July 2013. We said from the very beginning that we want detail, because when we have specific details we can give advice and suggestions and review it, but we have never had that level of specific detail.

Louise Haigh: Q  So the proposals do not reflect at all the three years of consultation that have taken place?

Dr Whitley: Obviously, that is reflected in some parts of the proposals, but we asked for more details specifically on how privacy will be protected regarding the data-sharing proposals, and that is still not there.

Louise Haigh: Q  Should that detail be in primary legislation?

Dr Whitley: Whether it is in primary legislation or in codes of practice, my personal view is that you need a certain level of detail to be able to make an informed decision. Otherwise there will be some vague position of, “We will share some data with other people within Government. Trust us, because we are going to develop some codes of practice that will be consulted on and will then be put in front of Parliament. There will be  protections and it will all be fine”. We are saying that there are lots of different ways of doing that. The earlier you give us at least a first attempt at those details, the better we can improve it.

Louise Haigh: Q  In that period of consultation, was the detail around transparency never discussed?

Dr Whitley: It depends. There has been talk along the lines of there being codes of practice and liaison with the Information Commissioner’s Office, so at a very high level there has obviously been some discussion. But at the very specific level—for example, the civil registration clauses talk both about allowing a yes/no check around whether there is a birth certificate associated with a family, while on the other hand there will be bulk data sharing within Government so that different Departments can know stuff and possibly make things better for society.
One half of that seems to be quite specific, and you can see how it could well be designed as a simple “Does a birth certificate exist for this person?” and the answer is yes or no. The privacy protections around that are reasonably well known and not very much data is being shared. Then the other illustration just says, “we will share these data with other bits of Government” and there is nothing there about what kind of privacy protections might be put in place. There are many different ways in which that can be done, but until we have some specific details, we cannot give you sensible reviews as to whether that is a good or not so good way of doing it.

Nigel Huddleston: Q  Mr Coates, what role should wireless technologies play in achieving the universal service obligation?

Scott Coates: There is no doubt that for the last 5%, maybe a greater proportion than that, wireless technologies have a significant role to play. Six of the seven trials run by the Department for Culture, Media and Sport earlier this year were of a wireless-based structure. I think there is a role for it. It is also interesting, as you look beyond 10 megabits to the future when universal service means something far more substantial than that, that a new disruptive technology is coming.
Everyone is talking about 5G; it does not really exist at this stage, but we know it is going to be ultra-high bandwidth, ultra-low latency, with the potential to be a disruptive technology and replace fixed line to the home. Some countries around the world that have not had the wave of fixed line technology roll-out will be moving straight to wireless as their domestic broadband service.

Nigel Huddleston: Q  What kind of timescales were you thinking about for the achievement of 5G?

Scott Coates: With 5G, it is really hot and talked about now, but it is still some way off. Mobile operators will market it strongly and talk about it strongly, but there was something last week from France Telecom admitting it does not know what it is yet, and that is the substance of the matter.
As we come in to the early 2020s, at the beginning of the next decade, we will start to see something. Interestingly, the infrastructure that is going to enable it is starting  to go down now, so particularly in urban areas; as  the concentration of cell sizes needs to get smaller   and smaller, the infrastructure needed to power faster 4G services will ultimately be the infrastructure used to power 5G.
Coming back to the structure of the industry, it is critical that there is a competitive infrastructure market for 5G. As a new technology that is a combination of wireless and fibre, it has the opportunity to have multiple infrastructure parties competing. It also carries the risk of being a monopolised infrastructure.

Nigel Huddleston: Q  Is this roll-out likely through purely commercial models or do you see a role for some kind of Government support here?

Scott Coates: In terms of using wireless to achieve USO, mobile as a technology has a very clean and efficient way of pushing out coverage to rural parts of the population, and that is through the licences. There is another major round of licensing, with something called 2.3 and 2.4, which is coming soon.
There is also 700 MHz, which is a really powerful frequency for delivering coverage into rural areas and which has already been licensed in many European countries. It is not licensed here yet, but the rules of those licences create an opportunity to get coverage out to the most rural parts of the country. You could do things like in Germany, where they said rural areas have to be covered before urban areas. That is the most efficient way of unlocking coverage from a wireless perspective in rural areas.

Scott Mann: One of the biggest challenges facing coastal and rural communities like mine is the problems with undulating coastlines and areas of outstanding natural beauty. I am interested in your thoughts on how we can strengthen the Bill to make sure we get out to some of the rural areas left behind in the pastQ .

Scott Coates: I refer you back to the last question. The most efficient way to deal with that is through the licences. There is licensing coming up that will create an opportunity. Unfortunately, it is going to be a few years before the airwaves that deliver that are available for deployment.
There is a lot of activity happening in the sector at the moment. The mobile operators are very busy investing in their networks and we are working hand in hand with them to help them deliver that. I know we are building new towers in coastal areas right now; I do not know if we are building one in your constituency. So it is getting better. Bear in mind that the Government struck a deal with the mobile operators 18 months ago and the operators are busy investing on the back of that. In the last 4G licence, when the 800 MHz got auctioned, one of the licence lots, bought by Telefónica, required it to cover more of the country, so Telefónica is investing on the back of that as well.

Claire Perry: Q  I want to push Dr Whitley on the privacy question. I think that what you are asking for, a code of conduct and some clarity, is reasonable, but equally, we cannot know what the demands and the questions might be going forward, or the data requirements. I look back on where Government do share data, querying the national insurance database, or, indeed, the Government ID project, where DVLA records were  queried as a measure of identity, it all appeared to be fine, there were no issues of privacy or data loss, to my knowledge. In a way, should we not be taking on trust—I know that trust is a word people never like to use with Government, whereas we trust corporates all the time with all kinds of data—that we have not had a problem and that the right rules and procedures and the spirit of privacy will be protected?

Dr Whitley: You have highlighted a very privacy-friendly way of checking data that says, somebody has a database and you look it up and you say, “This particular person, or this particular attribute, is it true, yes or no?” Referring to the previous evidence session and the question, “Is this person over 18 and therefore able to access?”, yes/no seems a perfectly reasonable way of doing that and that is the kind of thing that we have been encouraging Government to do. As you say, the Verify programme uses exactly those kinds of checks. The problem is that, without that level of detail, it is not at all clear that that is going to be proposed for all parts of the data sharing. Again, with the civil registration data, they say explicitly, “We want to do bulk sharing” and that is, by definition, not a yes/no check. That is, “Here is a set of data that we have that we think will be useful for your Department to match against and thereby tailor particular services.”
As the National Audit Office reported a few weeks ago, there were 9,000 data incidents within Government in 2014-15. If you start just moving the data around, you really run the risk of data incidents of varying levels of severity, and if you do not have that detail you have to rely on trust. Is it not better to have that detail, so you can say, “This is what we want to do, this is the way we are thinking of doing it”, and ask experts, not only in PCAG but in general, “Do you have any issues or concerns about that and, if you do, what alternative ways might there be for addressing those?”?

Claire Perry: Q  Do large corporate families do that? Nobody ever reads the Ts and Cs, but if they do, do you give explicit permission for your data to be handled around the Facebook family, for example, in the way that you suggest Government should specify? That is just a question from ignorance.

Dr Whitley: I do not know exactly how Facebook would handle it, but even if you are not worried about the data breach and data loss issue there is just a simple efficiency thing: it is a lot easier to have small pieces of data—yes/no, they are interested in this form of cat food, they are interested in those kinds of holidays, therefore target adverts based on that—than sending huge swathes of data to other parts of the system for duplication and therefore increasing the risk of data loss.

Claire Perry: Q  It is an operational concern as well as a privacy concern?

Dr Whitley: Yes. From my perspective you start with a privacy concern that says, minimise the data that you are handling, do not have it in duplicate locations all over, but a consequence of starting with that privacy concern is that you also have very clear operational efficiencies; that you are not duplicating data and you are not having large amounts of data in your system, because the more data you hold, the more likely it is that there will be a breach, an attack, an accidental loss or whatever.

Rishi Sunak: Mr Coates, will you expand a little on your experience, internationally, of licence requirements in broadening coverage to rural areas? What is the specific benefit of independently owned infrastructure for rural communities, in bringing access to places which struggle with mobile signal today?Q

Scott Coates: I am going to pick on two countries that we have looked at making investments into. Germany, which I mentioned earlier, has an outside-in policy, so you have to cover their rural areas with your new batch of spectrum before you are allowed to deploy it into urban areas. France has got a very interesting model, in which they have compartmentalised the whole country. At the moment the Ofcom licences ensure that Scotland, England and Wales have their own targets, but if you break it down even further, the demands become higher on those targets. We have seen some targets in France where, by compartment, we are looking at 99.6% coverage by 2027. They have given the industry a long time to reach that target, but it is very bold. If people knew it was going to get better, maybe it would become a bit more understandable. This is not like changing a lightbulb; this is infrastructure that needs to be built.
I think there are three benefits of independent infrastructure. First, there is clear evidence that it enables better connectivity. Because our infrastructure is operated independently of a network, we do not have any of the conflicts of interest that normally exist in the vertically integrated model, in which the infrastructure owner is forced to provide access to their competitor. Because we focus only on infrastructure—it is our core business model—we tend to build better infrastructure, and we share it with more networks. There is evidence out there. Ernst and Young looked at this last year and studied independent communication tower ownership across north America and Europe. They compared it with communication towers that are owned as part of mobile networks. They found that there are twice as many networks using the independent infrastructure, compared with the vertically integrated owned infrastructure. That is twice the productivity coming off a piece of infrastructure, which is transformational, when it comes to enabling connectivity, particularly in rural areas.
The second benefit is around investment. At the end of the day, solving these problems comes down to investment. Independent infrastructure opens up a whole new channel of investor and brings a different type of investor into our industry: long-term, low-cost-to-capital infrastructure investors who are targeting infrastructure only. They do not want to invest in the retail operations or in buying premiership football rights; they want to invest purely in infrastructure. We can be a conduit to bring in that capital to invest in infrastructure. Earlier this year, after 10 years of various rounds of financing, our business announced a major fundraising transaction with a UK blue chip infrastructure investor—3i Infrastructure plc—and a north American investor that invests on behalf of state pension plans. That is exactly the kind of capital you want—long-term, patient capital—fuelling the growth of infrastructure.
The final benefit is in and around competition. We create competition at the infrastructure level. On the fixed-line side of the market, you can see some of the challenges from a lack of competition. But we also enable competition at a retail level, because our  infrastructure is open for everyone to use. Mobile operators are the biggest users of our infrastructure, but well over 100 different network use our infrastructure in rural areas. Sometimes that can mean a local wireless broadband company that simply cannot afford to build its own infrastructure and would find it very difficult to get access to a mobile operator on a piece of infrastructure. On average, every one of our towers in the UK supports a non-mobile operator network running over it. Those are the three benefits of independent infrastructure.

That is known in the trade as a comprehensive reply. Thank you.

Calum Kerr: There was a Coates who played for Liverpool. He was from Uruguay, so they called him Co-ah-tez.

Scott Coates: He played against England once.

Calum Kerr: Q  He will again.
I would like to ask you about the USO, and then  I would like to come on to the mobile environment. I have a problem with the USO not just because of the lack of ambition and what 10 megabits means for people living in those areas, but because the tactical low-speed USO will not push fibre a lot further. The lines between wired and wireless are blurring all the time, so would a more ambitious USO with faster speeds help you, in terms of pushing fibre further and putting other infrastructure out there?

Scott Coates: I think it comes down to the cost element. The further out you go with fibre, the more expensive it becomes. Our infrastructure in rural areas tends to be bigger pieces of infrastructure, so quite often there is fibre coming through it or it links to a site that has fibre, and that creates more bandwidth to power the wireless services coming over it. More generally, I would say that the USO is a start. No one is going to be happy with 10 megabits in a few years, but I would say that you need to start somewhere and it needs to be manageable from a cost point of view.

Calum Kerr: Q  I will not ask you, then, whether the Scottish Government’s policy to have 30 megabits everywhere is more appropriate. I think that everyone is in agreement that the electronic communications code needed to be reformed, and there are some welcome measures in there, but as an independent infrastructure provider, do you honestly think that that will lead to more coverage by mobile providers, or will it simply give them a better bottom line?

Scott Coates: There are certainly measures that will make it easier to get rid of the bottlenecks and faster to resolve disputes. Running cables to connect up mobile sites has been a real challenge, so being able to fix those problems—that is not really about economics; it is about having faster resolution. Some of the pricing elements I do not think will have a material impact in rural areas when the commercial case to invest is not really there for the mobile operators anyway. The only way you can deal with that is through the licences. The new code will help to remove some of the ransom costs that we see in the industry and certainly give us a much more powerful weapon against those, but on a day-to-day  basis, we do not expect to be moving towards compulsory-based conversations with our customers. The industry needs to work on a voluntary basis. That is absolutely essential; it is how it works everywhere else in the world. We have busy infrastructure facilities. We are there on average every 12 days. We need to have a good partnership with our land providers. The code is a really helpful and powerful new tool of last resort, but our whole industry needs to maintain a voluntary basis of engaging as our MO for dealing with landowners.

Calum Kerr: May I ask two quick follow-ups?

Very quickly.

Calum Kerr: Q  Thank you very much. Mr Coates, I thought you gave a great overview of why independent infrastructure is really important. You obviously feel a concern, so is there specific wording that you would like to see in the Bill that we could discuss at the next stage to ensure that you are protected and the value of your assets is not lost?

Scott Coates: Thank you for that question. We have had a really engaging journey with the Minister’s officials. They have been very diligent and transparent in engaging with us all the way through this fairly long process on the communications code. Our concern generally is that there is a fine line between the technical drafting that says that what we do on land is not covered by the communications code, and the risk of a legal challenge that it might be and might have nil or low value. What we have really asked for is as much clarity as can be provided. That will help to enhance the investability of our business. We are in a different place from the mobile operators and some other network providers, because we do not get any economic benefit from our own infrastructure; it is built for other people to use, so we are not a net user of infrastructure.

Calum Kerr: Q  So that is a, “Yes, if possible, please.” It is okay; do not answer that. You have already answered. My final quick question is this. Although this is not retrospective, is there any case for excluding existing sites, if this is really about building out more network, in terms of the valuation element, given that a lot of those sites are actually on publicly owned land?

Scott Coates: There is certainly a difference in the substance of a transaction when you are approaching a farmer, a sports club, a university or whatever and asking for access to build a new piece of infrastructure where there is new coverage, and you are having that negotiation in the context of a new communications code that has tighter reference points on pricing. You will have more leverage for that conversation. You will still end up, I believe, paying them a rate way in excess of what zero value would be because that is just how you have those conversations, but it will be less than what is paid today, that is for sure, because you have got this new reference point. The substance of that is very different from the substance of a voluntary agreement you entered into with a firm six or seven years ago and that comes up for renewal in two to three years and the infrastructure is already there.
I think it is important that we have a robust set of tools as an industry but, as I mentioned earlier, it is equally if not more important that the industry acts responsibly and avoids behaviour such as forcing situations  where they need a new compulsory purchase tool, even though they have already got access today. There is definitely a way of engaging on existing sites that should be a bit different from new sites, as part of a package of trying to maintain the voluntary support of the land and property sector for our industry.

Matthew Hancock: Q  Could you set out in more detail—you have already gone into this a bit—about what you mean when you say that the code should include land owned by the infrastructure providers but not the apparatus, and the distinction there in the written evidence?

Scott Coates: It comes back to this. Under UK property law, anything that affixes to land could be considered land. At the moment, the code effectively is to regulate land coming into the telecom sector, not to regulate the relationships between telecoms companies. It carves out from land the apparatus.
I am advised that there is a risk of ambiguity. That is probably the best way I could describe it. It may be challenged down the line. This is an evolving and dynamic industry where we don’t exactly know the physical things we are going to be deploying in future. There is a risk that some of the things we do might receive a challenge that it is land not apparatus. I do not know.
Is a new runway at Heathrow infrastructure or land because it sits on top of land? Is the national grid transmission network an infrastructure asset or land because it sits on land? It is a fairly technical point. Like all these things, once the lawyers are running around looking at them, they will find concerns.
All we are saying is that we invest over 20 to 30-year horizons. The more clarity that can be provided is helpful. We acknowledge and clearly appreciate the intent behind Government policy to protect investment and passive infrastructure but more clarity around that will only help the investability of what we do.

Matthew Hancock: Q  Thanks. I am also grateful for what you said about the team at DCMS, who will have picked up on your kind words I am sure. I wanted to follow up on 5G. You talked earlier about the 5G roll-out. This is a bigger-picture question. What do think the Government need to be doing now to ensure that we are in the lead when it comes to the roll-out of 5G?

Scott Coates: People must be exhausted with hearing about the challenges with Openreach and what can be done there. The key thing is to help facilitate our competitive market for infrastructure. So 5G has the ability to be driven by the mobile operators, by the fibre players, by independent infrastructure companies. If you look at the US, half the small cells that power 4G and 5G are actually going in by independent infrastructure players; mobile operators as well as fibre players are in there, too.
It comes down to helping to facilitate as competitive a market as possible. We have started deploying infrastructure in at least one city in the UK: 4G initially, but it will lead to 5G. We would love to be able to get a competitive basis of access, or any access, to BT ducts. We cannot do that, despite the fact that they can access every single piece of our infrastructure.
That is one thing. The other thing is around the planning permissions for affixing equipment to lampposts. We are working in Aberdeen and I have to say that we have had a fantastically positive experience with the local council, which has been amazing and very supportive in everything we have been trying to do there. That experience is not shared across other councils in the UK.

Matthew Hancock: Q  Thanks very much. Dr Whitely, would you say that, done right and should the codes come out right, the clauses in the Bill have the potential to improve public services through better use of data?

Dr Whitley: Absolutely. You could have a side question about whether, for example, focusing on subsidies from energy providers is the best way to deal with fuel poverty, but in terms of that specific focus—if it is done right—then, absolutely. Our concern is that we just do not have the detail as to whether or not it is going to be done right. That has been the frustration over the last three years.

Drew Hendry: Q  I want to talk about the spectrum licensing issue. We spent a lot of time in earlier sessions talking about the minimum average speed, particularly for SMEs, as being 10 megabits per second and whether or not that was ambitious for the future.
You talked about the outside-in licensing regime that could be possible—and is possible in other countries since it is being deployed, particularly for new tech and for the 700Mhz and the 5G licensing that will come. If that approach is adopted by the UK Government in terms of licensing, is it your belief that it would make that inequality almost go away and that it would deliver much greater equality across the pace of speeds for people to access business and other methods that they need?

Scott Coates: If a policy objective is to ensure that rural areas get a high quality mobile signal, then forcing the industry to invest in rural areas—and effectively funding that by allowing them to pay less money for the licences that they acquire—is the most efficient way to deliver that. It would have positive outcomes, for sure.

Drew Hendry: Q  So it would achieve that aim, in your view, and it would to a great extent future-proof the need to go to that level of where you are going from 10 megabits per second to a higher level, and then a higher level again. Is that correct?

Scott Coates: Yes. The industry invests in order to stay competitive in areas where the market is working, and—where the licences oblige them—to invest in areas where the market is not working. The infrastructure needed to support some of these new services needs to be high bandwidth to support that, which will then support the uplift into the future in quality and speed of service.

Two more questions to this set of witnesses.

Nigel Huddleston: Q  Dr Whitley, are you excited by the potential opportunities of the use of big data by Government?

Dr Whitley: This is not about big data but data-sharing, but there are opportunities there for big data to be used. There are questions about how you manage it and about how you handle it.
One of the other things that I am involved with is a steering group for the Administrative Data Research Network, which is where administrative data can be used by researchers in very strictly controlled environments to answer interesting research questions, generate hypotheses and explore those hypotheses by matching data from various different Government datasets. But that is done in a very locked down, secure environment with no mobile phones and no taking out of data and so on. So there absolutely are opportunities, but doing it right is what I particularly care about.

Nigel Huddleston: Q  We are one of the most sophisticated digital economies on the planet and we have some of the brightest brains on the planet. Surely we can work this out.

Dr Whitley: Yes. The process has been going on for three years and we still do not have codes of practice. That is the bit that puzzles me. If we have all these brilliant brains can they not put together even a draft code of practice, so that we can know what we are talking about?
For example, in the consultation around fuel poverty, it talked about gathering data and matching up potential houses and individuals who might benefit or be at risk, and it says that they will inform the licensed energy suppliers as to which of their customers should receive assistance. That, to me, sounds like a push: “Here is a big set of customers that may or may not belong to your company. Check through that list to see whether or not any of them are your customers and give them a fuel discount.”
But then a couple of paragraphs further on—this is the consultation relating to the proposals—the Government would simply have an eligibility flag along with customers’ names or addresses for doing that. Even in the consultation, it does not seem that these brilliant minds have been applied as well as they could be.

Nigel Huddleston: Q  Once we work that out, which I am confident we will, where are the opportunities? Where is the up side? Where is the positive stuff coming out of this? How can Government be better as a result of this? I am always an optimist.

Dr Whitley: Done right, there are fantastic opportunities. Government is digitising. The GDS has got lots of experience about how to manage and handle and do attributes checking, which is what most of this is. There are definitely opportunities and the skills, but somehow something has gone wrong with regard to these proposals.
It is not as if the proposals have been rushed through in the past few minutes. We have been looking at these and asking for more details since July 2013 and we are still here without even a resemblance of a code of practice. Part 5 has six codes of practice that need to be developed and none of them is here. Yes, please, but some detail. I am academic; I want to see the detail.

Louise Haigh: Q  As you say, it is an enormous shift in terms of data sharing within Government. Clause 29 would allow personal data on citizens to be shared if there is a
“contribution made by them to society”
or wellbeing to be gained. That basically covers anything, doesn’t it? Why have the Government not produced  even a draft code of practice at this stage? How can we possibly be expected to vote on this while plainly placing blind faith in the Government?

Dr Whitley: You are basically saying what I was going to say. If you compare the comprehensive replies that Mr Coates has been able to give, talking about very specific details, with the vague “we don’t know anything” comments that I have made, you see that it is a real problem and also an issue for more general scrutiny of technological issues. If you do not have details about the different mobile phone frequencies that you are talking about, you cannot make detailed policy. Yet when it comes to data sharing, there is a sense that it will all work out in the end because we have the right people to do it.

Louise Haigh: Q  How would you advise the Government to achieve that code of practice?

Dr Whitley: We have consistently said—the Privacy and Consumer Advisory Group particularly, because we have this existing relationship with Government, but civil society and experts more generally—that we are more than happy to engage. We have repeatedly said, “Give us some detail. Don’t just come and talk about high-level stuff. Give us the detail and we will give you detailed comments to improve the process.”
That has worked very well in relation to the Verify scheme; that is privacy friendly and has a lot of support from the kinds of people who are very concerned about privacy. So the expertise is there and the working relationships are there. Give us an opportunity to help; we want to. It is just that we need something to work on.

Louise Haigh: I hope the Minister has heard that.

Thank you very much to Mr Coates and Dr Whitley for some excellent evidence. We are very grateful. We will now move on to our next set of witnesses.

Examination of Witnesses

Jim Killock and Renate Samson gave evidence.

Thank you to our next two witnesses for being here promptly. We will now hear evidence from Big Brother Watch and the Open Rights Group. For this session we again have broadly half an hour to 45 minutes. Will the witnesses please read their names into the record?

Jim Killock: I am Jim Killock, executive director of the Open Rights Group.

Renate Samson: I am Renate Samson, chief executive of Big Brother Watch. We were also a member of the open policy making group and the Privacy and Consumer Advisory Group, to which Dr Whitley referred earlier.

Thank you. I turn first to Louise Haigh.

Louise Haigh: Q  I will pick up where we left off, if that is okay. You were both involved in the consultation process for part 5 of the Bill. Did the proposals come  as a surprise to you? Do they make sense to you as  data experts?

Renate Samson: No, they do not make very much sense, if I am honest. As I said, we were a member of the open policy making process and we also submitted to the consultation. I am genuinely surprised that after a two-year process, all of a sudden it felt very rushed. There were conversations and meetings happening right up to the Queen’s Speech; there was still a general lack of clarity, particularly on safeguards, and many questions were still being asked, such as how, why, when and so on. The next thing we knew, it was in the Queen’s Speech and the Bill was published.
Reading through part 5—and I have read through it a lot and scratched my head a great deal, mainly for the reasons given in evidence earlier today—you see that the codes of practice, which would explain an awful lot of what we imagine is meant or may not be meant, just have not been published. I have repeatedly asked for them and been given various expected dates, and we are sitting here today without them but with the Bill already having been laid before Parliament.
We have also done a lot of work on the Investigatory Powers Bill, for which the codes of practice were there right from the start. There was clarity as to what was intended and what was going to be legislated for, straight up. So, I am profoundly disappointed, because data sharing and digital government are hugely important and we seem to be very far away after a very long process.

Jim Killock: It is worth considering why the open policy making process was put in place. Data sharing is known to be potentially controversial. It was knocked out of at least one previous Bill a few years back when proposed by Labour because of the lack of privacy safeguards. Everyone understood that something more solid was needed. Then the Cabinet Office was very keen to ensure it did not raise hackles, that it got the privacy and the safeguards right, that trust was in place. It was therefore a surprise, after that intense process, to get something back that lacked the safeguards everybody had been saying were needed.
We are particularly concerned not only about the lack of codes of practice, but the fact that a lot of these things should be in the Bill. Codes of practice are going to develop over years. We need to know about things like sunsetting, for instance—that these things are brought to a close, that you do not just have zombie data sharing arrangements in place, where everyone has half-forgotten about them and then suddenly they are revived. You need to have Parliament involved in the specifics.
As we have heard, data sharing has a huge range of possibilities, starting with the benign and the relatively uncontroversial: statistics and understanding what is happening to society and Government policy, where privacy is relatively easy to protect. You use the data once, you do the research and that is it. It ranges from that through to the very intrusive: profiling families for particular policy goals might be legitimate, but it also might be highly discriminatory. Getting to the specifics is important.
You need the safeguards in place to say, “These are the kinds of things we will be bringing back; these  are the purposes that we may or may not share data for.” That way, you know there is a process in place. At the moment, it feels like once this has passed, the gate  is opened and it is not necessarily for Parliament to scrutinise further.

Louise Haigh: Q  We talked earlier about the bulk transfer and bulk sharing of data, and an earlier witness talked about providing data access, rather than data sharing. Should the Government not be pursuing trials on that basis, rather than these enormous powers without any kind of assurances to the public or parliamentarians about how they will be using them?

Renate Samson: It was very specific at the end of the open policy making process that, for example—put the bulk to one side for a moment—but regarding the fraud and debt aspect of the Bill, it had been agreed that three-year pilot projects would take place with subsequent review and scrutiny potentially by the OPM or by another group. They are in the Bill as a piece of legislation with the Minister deciding whether or not it is okay and potentially asking other groups, which are not defined. That is half an answer to half your question. Pilots are an excellent idea if they are pilots, not immediate legislation.
With regards to the bulk powers in the Bill, civil registration documents were a late addition. We are still not clear as to their purpose. The purpose given in the consultation to the OPM process, but also in the background documents relating to the Bill, is a whole mix of different reasons, none of which, I would argue, are clear and compelling or, indeed, necessary and proportionate. But again, as you have heard a lot today, without detail, how can we properly answer your question?

Jim Killock: I have a quick observation on this. We currently have a data protection framework. The European Union is revising its data protection laws; they are somewhat tougher, which is quite a good thing, but we do not know what the future of data protection legislation is in the UK. It might be the same or it might be entirely different in a few years’ time.
That is a very good reason for ensuring that privacy safeguards are quite specific and quite high in some of these sensitive areas, because we do not know whether the more general rules can be relied on and whether they are going to be the same. That is not to say that we do not need higher safeguards in any case here, because you are not dealing with a consent regime. People have to use Government and Government have to look at the data, so it is not a mutual agreement between people; you have to have higher safeguards around that.

Thangam Debbonaire: Q  My questions are directed at Mr Killock and relate to paragraphs 37 and 38 of your submission, “Definition of pornographic material”. We heard earlier that both the NSPCC and the British Board of Film Classification support a provision to require ISPs to block websites that are non-compliant. There was also discussion of widening the scope to apply the restrictions to other harmful material that we would not allow children access to in the offline world. Here, you seem to be questioning the value of that:
“This extension of the definition…also raises questions as to why violent—but not sexual—materials rated as 18 should then be accessible online.”
I also question this consistency but the solution, to me, seems to be that we should include other material, such as violent material and pro-anorexic websites, as we talked about earlier. Will you tell us a bit more about what your objection is to creating a framework to keep children as safe online as they are offline?

Jim Killock: We have no objection; it is a laudable aim and something we should all be trying to do. The question is, what is effective and what will work and not impinge on people’s general rights? As soon as you look a little beyond pornography, you are talking about much more clear speech issues.
There will be a need to look at any given website and make a judgment about whether it should or should not be legally accessed by various people. That starts needing things like legal processes to be valid. Some of the things you are talking about are things that might not be viewed by anybody, potentially. The problem with all these systems is that they just do not work like that. They are working on bulk numbers of websites, potentially tens of thousands, all automatically identified, as a general rule, when people are trying to restrict this information. That poses a lot of problems.
I also query what is the measure of success here. Because I feel, I suspect, that the number of teenagers accessing pornography will probably not be greatly affected by these measures. There is more of an argument that small numbers of children who are, perhaps, under 12 may be less likely to stumble on pornographic material, but I doubt that the number of teenage boys, for instance, accessing pornographic material will be materially changed. If that is the case, what is the measure of success here? What harm is really being reduced? I just feel that, probably, these are rather expensive and difficult policies which are likely to have impacts on adults. People are saying it is not likely to affect them, but I rather suspect it might, and for what gain?

Thangam Debbonaire: Q  You have mentioned your feelings and your suspicions but, actually, the British Board of Film Classification already has a system for identifying for instance pro-anorexic, pro-suicide and violent websites. It already has a system for use on mobile networks.

Jim Killock: No, it does not.

Thangam Debbonaire: Yes, it does. They sat right here this afternoon.

Jim Killock: No it does not. The mobile providers have a system that the BBFC—
Q Thangam Debbonaire: So a system exists?

Jim Killock: They have a system, which is not wildly accurate that people choose to use. To the extent that they are choosing to use it, there is some legitimacy around that. People choose to have websites blocked and they understand that a certain number of them may be incorrectly blocked, that is OK.

Thangam Debbonaire: Q  Are you saying that that sort of system does not exist, because we were told that it did earlier?

Jim Killock: This is what they are currently doing: they are blocking websites, which are sometimes the right websites, sometimes not; sometimes the right websites are not blocked. It is essentially automated decision making that comes with the problem that you can only really do this by things like keyword search. There are not enough humans available at the right price to do the review, so all kinds of things get blocked for essentially no real reason. For instance, we have had a widget manufacturer—

Thangam Debbonaire: Q  Forgive me for interrupting Mr Killock, but there is a good reason. You asked about successful outcomes—and if you are going to ask a question, I am going to answer it—the successful outcome is that children are protected in the online world in the same way as they are protected in the offline world. I have to reiterate this to you: I do not understand why you think it is a risk worth taking that some adults may or may not have their own personal preferences infringed, balanced against the harm which we know is done to children. On teenage boys, just saying that because teenage boys may or may not continue to watch pornography there is no point, that seems to be a very sad conclusion to come to.

Jim Killock: The point is that you can help children to be protected, the questions is, what is the best way? For instance, I agree with the NSPCC’s calls for the compulsory education of children. Of course that should be happening and it is not. Similarly, Claire Perry’s initiative to have filters available has its merits. Where I have a problem is where adults are forced into that situation, where they are having websites blocked and where there is little redress around that. I caution you around large-scale blocking of websites because we know from our own evidence that a very large number of websites get blocked incorrectly and it has impacts on those people too. The question is, what is effective? I am not sure that age verification will be effective in its own terms in protecting children.

Claire Perry: Mr Killock, it is nice to hear you finally supporting the initiative. Indeed, all of the shroud waving about false blocking was brought out with vigour many times over the past five years—

Jim Killock: We stand by that.

Best not to interrupt the questions, Mr Killock. Let the questions be put.

Claire Perry: Q  My point is that it is sad that the campaign once again from your organisation is that  the perfect must be the enemy of the good. I am afraid  I would also question this issue of false blocking, and I would appreciate written evidence if you have it. It is a tiny fraction. It has never reached anything like the levels your organisation has claimed, and the processes for notification and unblocking have massively improved over the last five years. My question to you is: at what point does your organisation stop dealing with this world where it is, “Hands off our internet” and start accepting that content provision via the internet, which is just another form of provider, should have exactly the same safeguards as exist in the offline world?
Renate, your points around this are also quite disturbing because you are holding up for a perfect world—

Renate Samson: What points?
Q Claire Perry: Around privacy and data recognition. At what point do we accept that what is proposed in this Bill is actually a good step forward? While it may not be perfect, it is a massive step-change improvement on what we have today.

Jim Killock: The first question is: “What is the impact on everyone?”

Claire Perry: Q  No, the question is: will you provide us with written evidence of this issue of false blocking, in detail, because I happen to think it is completely untrue, your words on this?

Jim Killock: Yes, we can.

Claire Perry: Q  We would appreciate written evidence by next week. Thank you.

Jim Killock: We have literally hundreds.

Claire Perry: Q  Hundreds? Of the 1.5 billion websites that are out there?

Jim Killock: The error rate does not appear so large; but when you multiply that by the number of providers that have different blocking systems it becomes quite significant.

Claire Perry: I look forward to the evidence.

Do not interrupt the questions, or the answers.

Jim Killock: On the wider question, what is effective, the question is how are children protected, versus what is the impact on adults. At the moment we do not know, because the system is not in place, what that effect on adults will be; but we have to be concerned that adults should feel free to access legal material, no matter what it is. They should not feel like they are being snooped on or having their privacy or anonymity removed.
I was encouraged by some of things that were said earlier, but I have to say that when we sent some technical observers to hear about the systems that are likely to be put in place—the sort of things that vendors want to do—we heard a rather different story. The sorts of things they want to do include harvesting user data, maybe using Facebook and other platforms, to pull in their data to verify people’s age by inference. These things were not privacy friendly. Let us assume that the BBFC has a job, as apparently it does. It would be good if it had clear duties around privacy and anonymity, to make sure that it has to put those things first and foremost when it is choosing and thinking about age verification systems.

Claire Perry: Q  As a supplementary, does your organisation campaign against age verification on gambling sites on the internet?

Jim Killock: No, we do not.

Claire Perry: Q  Even though exactly the same issues of privacy could apply?

Jim Killock: I think they are rather different, are not they?

Claire Perry: Q  Why? They are legal.

Jim Killock: The first thing is that gambling sites are dealing with money. They have to know a little bit about their customers. They need to do that for fraud purposes, for instance. The second thing is, I think, it is much harder to argue that there is a free expression impact for gambling, compared with accessing legal material, whether it is pornographic or not.

Claire Perry: Q  So your interest is not about legality. It is about your interpretation of legal and illegal material.

Jim Killock: It ultimately is about what the courts think is the boundary around free expression, and what sort of things are impacting on people’s free expression and privacy. That is our standpoint. What we are asking  for, the same as you, is the same standards online as offline. One of those standards is human rights and what we are entitled to do.

Let us hear from Ms Samson; and then we are moving on.

Renate Samson: Just to be clear, we submitted evidence and we have concerns about part 5 of the Bill. The questions you have been asking Mr Killock—I am unclear; are you asking me about the same issues you are asking him?

Claire Perry: No, specifically about the part 5 questions.

Renate Samson: Okay. We have not, in our evidence and our concerns, asked for a perfect Bill, although I do not believe there is any harm in trying to make the best piece of legislation we can. The work that we do with the Privacy and Consumer Advisory Group and as part of the open policy making process is about having engagement, to ensure that we are the leading light in data sharing, but also data protection. As Mr Killock has mentioned, we are currently looking at the Data Protection Act 1998. That will probably expire in May 2018, and we will get the general data protection regulation. Right now the measure in question does not even refer to that, or, indeed, to the Investigatory Powers Bill. It refers to the Regulation of Investigatory Powers Act 2000 and the DPA. Also, it will probably fail on a number of the key points of the GDPR, in relation to potential profiling, consent of the individual, and putting the citizen at the heart of data sharing and data protection.
I am not looking for “perfect”, but I think “perfect” is a good place to head towards.

Nigel Adams: Q  My question is for Mr Killock, with regard to what the Bill is seeking to do in terms of equalisation of copyright offence penalties. I just wondered why your organisation was not in favour of rights holders—the tens of thousands of content creators. Why is your organisation not keen on the idea in the Bill?

Jim Killock: That would be a misrepresentation. We are quite clear in our response. We are worried about the impact of this on people who should not be criminalised and who we thought the Government were not trying to criminalise in this case. Our position is that if the Government are going to extend the sentence and have the same sentence online as offline for criminal copyright infringement—that is to say, 10 years—then they need to be very careful about how the lines are drawn, because the offences are quite different. Offline, in the real world, criminal copyright infringement covers a number of acts. It is all about copying and duplication. Essentially, it is about criminal gangs duplicating DVDs and the like. Online, making that separation is harder, because everything looks like the same act—that is to say, publication. You put something on the internet, it is a publication. So how do you tell who is the criminal and who is the slightly idiotic teenager, or whatever it happens to be? How do you make sure that people who should not be threatened with copyright criminal sentences are not given those threats?
We particularly draw attention to the phenomenon of copyright trolling. For instance, there is a company called Golden Eye International, a pornographer which specialises in sending bulk letters to Sky customers, BT  customers and so on, saying, “Please pay us £300 because you downloaded a film that is under copyright.” These are obviously pornographic films and they then wait for people to pay up. They have no specific knowledge that these people are actually the people doing the downloading, all they know is that somebody appears to have downloaded.

Nigel Adams: Q  Sorry to interrupt, but the idea of the Bill is not to go after people who are downloading content, it is purely for those who are uploading content for commercial gain. That is the whole purpose.

Jim Killock: Unfortunately, that is not how the language of the offence reads. The test in the offence is that somebody is “causing a loss”, which is defined as not paying a licence fee, or is “causing the risk of loss”, about which your guess is as good as mine, but it is essentially the same as making available, because if you have made something available and somebody else can then make a copy, and then infringe copyright further and avoid further licence fees, basically that is a criminal act. So file sharers, whether they are small or large, all appear to be criminal copyright thieves. Similarly, people who are publishing things on websites without licence are also potentially criminalised. Those things can be dealt with much better and more simply through civil courts and civil copyright action. What we are calling for is either to get rid of those things which are attacking individuals and wrongly bringing individuals into scope, or to put thresholds of seriousness around the risk of loss and/or causing loss. Something like, “Serious risk of causing significant loss” would be the way to deal with this. Similarly, “Causing serious loss”.

Nigel Adams: Q  But if you are knowingly uploading creative content online for commercial gain, to my mind it does not matter whether it is 50 quid or 50,000 quid, you are knowingly stealing someone’s content.

Jim Killock: The commercial gain is not part of this offence. That is what I am saying. The offence is purely to cause loss—in other words, to not pay a licence fee—or to cause risk of loss. There is no “commercial” in it. So you have to put the threshold somewhere. You have an offence for the commercial activities and, separately, individuals who cause risk of loss or fail to pay a licence fee.

Nigel Adams: Q  What do you think is a reasonable limit? Where would you set the limit?

Jim Killock: In terms of taking someone to court, there is no particular limit. If I cause £20 of damage to somebody where I should have paid it, the small claims court should be available and I should be able to either prosecute someone or be prosecuted in a civil court in the normal way. The question of how much is “serious” is, in all likelihood, something we should probably leave to the discretion of judges. It will not be very easy to fix a particular amount, but I think “serious” is usually the word used.

Nigel Huddleston: Q  As you have already recognised, this part of the Bill has already been subject to a consultation. There were 282 responses to that consultation, with the majority of them being broadly supportive. You have raised quite a few perfectly valid concerns, but do you accept that there is broad public support for the sharing of data when there is a clear social upside?

Jim Killock: I think we are all clear that data sharing should be enabled. The question is how you do that without it being a completely wide open process. The principle is not something that anyone has ever objected to.

Renate Samson: On the consultation that you referred to, you just told me that there were 282 submissions and that most of them were broadly supportive, but the Government response did not indicate who was supportive and who was not, and I have not seen the submissions on the website to be able to see for myself who was broadly supportive and who was not.
Having been part of the open policy making process, I would say that several people in that room had a large number of concerns. They were not concerns to prevent data sharing, but concerns to ensure that data sharing could happen in the safest way possible, and not just in terms of privacy. That way, not only can Government benefit from it and clear processes can be established in Government, but the citizen can understand why their data are being shared and can then be supportive of it and can trust that their data are going to be looked after. It is about the citizen being able to feel as though their personal data, which are now part of the air we breathe in a connected, digital society—we cannot function without our data—are safe and secure. It is about not only data being private, because there are varying degrees of privacy, particularly when you are sharing, but the Government understanding that.

Nigel Huddleston: Q  I am not sure whether we got a clear answer there. The Commons Library published a briefing, which includes statistics from an Ipsos MORI survey that you have probably seen before. The things that get public support are things such as:
“Creating a DNA database of cancer patients…Using data from electronic travel cards…to improve the scheduling of buses or trains…Using police and crime data to predict and plan for crimes that might take place in future”.
There is a clear public upside for some of the most vulnerable and hurt people in society; are we ever going to reach a point where you are satisfied with the use of data?

Renate Samson: You took evidence this morning from two witnesses whom you asked a very similar question, and I support the answers that they gave. People are happy to share data if they understand why and are asked. I believe that the answer you were given earlier referred to the individual. If you ask me whether I am happy to share my data to cure cancer, I go away and I make the decision about whether or not I am happy to do that. As you have pointed out, the majority of people are probably going to say, “Yes, of course.” Big Brother Watch has no desire to restrict that. We are asking for information that we feel is lacking from part 5 of the Bill. We are asking for information for the individual so that they can give their consent based on proper guidance. That is going to be a key part of data protection law going forward.
This is about the way the questions are being asked. Similar questions have been asked throughout the day. We are not trying to say no. We have never said no. We are just trying to say, “Please present us with as much information as possible, so that we can see how.”

Jim Killock: It is really in the interests of Government to get this right, because in the long term it is a matter of trust. We know that accidents happen. If at least the  safeguards are in place and as many accidents are avoided as possible, and if people are not left embarrassed at either data leaks or programmes that turn out to be intrusive or prejudicial against people, then you have won. That really was the purpose of the open policy process: to ensure that the risks were understood so that the Government could legislate on the basis of dealing with the complex risks rather than heading straight into a situation where they got a huge backlash and/or stored up problems for the future.

Renate Samson: May I add something quickly? The first line of Big Brother Watch’s submission says that we support data sharing across Government. I want to be very clear on that.
My second point is about individuals doing well out of this. The Bill, well, the factsheets accompanying the Bill, refer to wellbeing. I direct you all to the Supreme Court’s review of the named persons scheme in Scotland, where it was deemed that wellbeing was not a high enough bar—it did not meet the bar of “vital”, which the Data Protection Act requires. We want to do this properly so that people can benefit, but let us ensure that it is proper—that is not perfect, but the best it can possibly be.

Matthew Hancock: Q  A couple of questions. Would you be happy to share your blood type data to help cure cancer?

Renate Samson: I do not even know what my blood type is. To answer your question, I don’t know. I would have to give it serious consideration, just as I would seriously consider whether I would be prepared to donate organs after I die. It is not something to which I can give you a snap answer.

Matthew Hancock: Q  Okay. You referred to the open policy-making process, which was a big process with lots of people involved, and the large majority are content with that process. Have you read all the individual responses to the consultation?

Renate Samson: No, because I do not know where they are published. I looked for them but I could not find them.

Matthew Hancock: Q  They are on the internet, so you are very welcome to have a look at them.

Renate Samson: My understanding is that I would have to go into every single organisation’s website separately to look at them. They are not collated on the consultation’s website itself.

Matthew Hancock: Q  No, they are all published online.

Renate Samson: On the consultation’s website itself?

Matthew Hancock: Q  They are all published online. In an earlier exchange, you talked about the broad purposes of the Bill and the problem with parliamentary scrutiny of those purposes. I would just like to understand a bit more about what you meant.

Renate Samson: Sorry. Could you repeat that?

Matthew Hancock: Q  In an earlier exchange with Louise, you talked about the broad purposes of the Bill and how they are defined. You said that those purposes   are very broad, and I think you said something like, “and therefore it can mean whatever the Government wants it to mean”. I do not understand that, because any sharing of data must be for purposes very specifically set out, for instance supporting troubled families and supporting families in fuel poverty. I think it would be very hard to be against those goals.

Renate Samson: Forgive me, I do not recall that being quite as you have said; I know that Dr Whitley said something very similar to what you just said. Our concern is that I cannot give an answer, because I do not feel as though the Bill has defined clearly what data sharing is or what are personal data. I cannot give an answer without being able to understand what the Government intend to do with regards to data sharing. Troubled families and the retuning of televisions are not included in the Bill, they are referred to in the factsheet accompanying the Bill.

Matthew Hancock: Q  They are referred to in secondary legislation, which will be scrutinised by Parliament.

Renate Samson: I feel—I can only say how I and Big Brother Watch feel—that having looked through the Bill in great detail, we have more questions than answers. If the codes of practice had been published, it might not have been necessary for me to be sitting here, because I would probably know exactly what is the intention. However, based on what has been published so far, I do not feel that it is clear.

Jim Killock: Future secondary legislation is quite a weak way of Parliament safeguarding a process like this, because essentially you then need to ensure that civil society, Parliament and everyone make sure that all the relevant safeguards are included in each statutory instrument.

Matthew Hancock: Q  No, the safeguards are in the Bill. It is the purposes that are in the statutory instruments. It is interesting—

Jim Killock: I do not think that the safeguards are in the Bill.

Renate Samson: Could you explain where they are and what they look like? I cannot see them other than the reference to the misuse of data, and we absolutely support the proposal that those guilty of that could be subject to a prison sentence.

Matthew Hancock: Q  Okay. I want to refer to another point that I did not understand. You said that the problem with the Bill was that it referred to RIPA and the Data Protection Act 1998.

Renate Samson: Because that is current legislation.

Matthew Hancock: Q But what exactly would you propose?

Renate Samson: My concern, and this is not a telling off, is that a large chunk of RIPA will no longer be applicable by the end of year when the Investigatory Powers Bill comes in, and the Data Protection Act is about to be replaced with the general data protection regulations. Of course it cannot say that on the face of the Bill and none of the supporting documentation even refers to those two pieces of legislation.

Matthew Hancock: Q  It just seems a totally odd point, because the Investigatory Powers Bill is not yet law and, as you can see from the screen, it is being debated in the Lords today. GDPR is not in domestic law yet.

Renate Samson: We were trying to be “assistive”—if that is a word—in that there are elements of the Bill about which not just Big Brother Watch but other individuals and organisations are concerned that if it passes, when the general data protection regulations come in, it will not adhere to that law. It was merely a note of what is coming down the line so we have legislation that has longevity.

Matthew Hancock: Q  I do not think it is possible to legislate on the basis of other legislation that has not yet passed.

Jim Killock: GDPR is passed; it is just not implemented.

Thank you to our two witnesses. Thanks very much indeed for your evidence. We release you.

Examination of Witnesses

Sarah Gold, Chris Taggart and Paul Nowak gave evidence.

Q  We will now hear oral evidence from Projects by IF, OpenCorporates and the TUC. We have three witnesses, so, colleagues, could we have more concise questions and I am sure concise and expert answers? Could the witnesses please introduce themselves for the record?

Chris Taggart: My name is Chris Taggart. I am the CEO and co-founder of OpenCorporates, which is the largest open database of companies in the world.

Paul Nowak: My name is Paul Nowak I am the deputy general secretary of the TUC. We represent 52 affiliated unions who in turn represent about 5.7 million workers.

Sarah Gold: I am Sarah Gold, director and founder of Projects by IF: a design studio that helps companies understand privacy and security by making products and services that empower people.

Matthew Hancock: Thank you very much for coming. I want to put on the record something relating to what happened at the end of the last session. For anyone who is interested and has not yet had the chance to find the responses to the consultation on data sharing, they are available on gov.uk/government/consultations/better-use-of-data-in-government. All the responses to the consultation are there.

We are better informed.

Louise Haigh: Q  Paul, the Government have delayed by a year outlining their digital strategy. Could you give the Ministers a hand here? What would you like to see in a digital industrial strategy?

Paul Nowak: There are a number of points in the Bill where we think there are positive steps forward: things like the universal service obligation. I am happy to talk about some of those points. The missed opportunity for  us is really getting a handle on what the emerging digital economy means for working people. Tomorrow, we will have the outcome of the court decision on Uber. That is just one example of where changing technology potentially affects working people’s lives. We believe there should be a proper framework and employment law should properly reflect the change in the world of work. The point was made by a number of MPs on Second Reading that the Bill missed a trick in terms of that new framework of rights and responsibilities for people who work.

Louise Haigh: Q  What would that framework look like?

Paul Nowak: It would tackle issues around, for example, employment status. We have this curious interface between the new, emerging digital economy and what I would characterise as some old-fashioned exploitative employment practices. It is great that we can all order new goods and services online via eBay, but often the person who delivers that package will be working so-called to an app and they will be so-called self-employed, driving their own vehicle and with no rights to paid holidays, maternity or paternity leave and so on.
So a framework of laws that is fit for the digital age. It is welcome that the Government have announced that Matthew Taylor will be looking at some of these issues, but I would have thought that for a Digital Economy Bill there is a gap in the Bill itself.

Louise Haigh: Q  Has the TUC been consulted on that by the Government?

Paul Nowak: We have had no engagement in terms of the process I described with Matthew Taylor and, as far as I am aware, we have had no input in terms of the Bill and the thinking around what a decent framework of employment rights will look like to respond to that emerging digital economy.

Louise Haigh: Q  What about the digital skills gap—where could the Bill go further there?

Paul Nowak: That is not something that we have looked at particularly, but I think it goes without saying that the need for digital skills will go well beyond those core digital industries. The proof of the pudding will be in the eating. We are pleased that the Government are now talking about industrial strategy, and we think that the digital economy should play a key role at the heart of that industrial strategy. It is not just about digital industries themselves; it is about how those digital industries can support jobs in our manufacturing, engineering and creative industries, but you need to make sure that people have the skills—not just at one moment in time, but ongoing skills throughout their working lives—to enable them to adapt to the changing world of work. For example, one of the things that we have pushed heavily through our Unionlearn arm is equipping people with those skills, but making the case that people should have access to careers advice and guidance all the way through their working lives rather than just at the point at which they leave school, college or university.

Louise Haigh: Q  Sarah and Chris, I do not know whether you were here for the earlier sessions, but we have heard quite a few concerns about the data-sharing  proposals in part 5 of the Bill. Do you share the concerns about the lack of privacy safeguards in those proposals?

Sarah Gold: I do. There are quite a few pieces of information missing that I would like to see in the Bill to protect individuals’ privacy. I think I heard Jeni Tennison talk earlier about openness and transparency, and I agree with her that one of the major pieces that is missing from the Bill is transparency about how people’s information will be used.
For me, this is also a missed opportunity to talk about consent, which is increasingly becoming a design issue, not necessarily just one of policy. That means making sure that there are steps in place to ensure that people understand how their data will be used, by whom, for how long and for what purpose. That is really important, because currently, the only models of consent we seem to default to are terms and conditions, and I have to ask the Committee: when was the last time any of you read or understood a set of terms and conditions?

Louise Haigh: Q  Claire Perry brought up the poor standards in the private sector earlier. Presumably you agree that the Bill misses an opportunity to deal with consent for the private sector’s use of data as well.

Sarah Gold: It does, because I think the Government should set best standards on this. There is a real opportunity to do that, and I cannot see that on the face of the Bill.

Chris Taggart: I broadly agree. There was a comment in one of the submissions that despite this being a Digital Economy Bill, it felt like it was from almost 10 years ago. We have the ability to treat data in a much more granular way—dealing with permissions, rights and so on; having things selectively anonymised; having things almost time-boxed, and so on. It struck me that it felt like the Bill was using the broad brush of how we used to exchange data 10 years ago. That seemed like a missed opportunity, particularly given that what we are talking about here is Government to Government. While it is very difficult for the private sector—or even between the Government and the private sector—to come up with some of those solutions, when you are talking essentially about one organisation, particularly one where there is the ability to legislate that everything should happen in the right way, it seems to be a missed opportunity.
I was asked a couple of years ago to be on the Tax Transparency Sector Board, which talked about opening up some of the tax data. Of course, pretty much no data were actually opened up, but some of the discussions were interesting. For example, the Bill talks a lot about individuals, which is absolutely right—I believe that we have innate human rights—but from a tax point of view, individuals and companies are exactly the same thing. There is no difference. HMRC was saying, “Hey, look, whatever we think and whatever we would like to do, we have no ability to treat individuals and companies as the same.” The idea of allowing companies to tick a box and say, “Yes, we’d like our tax to be reported and to be open about it,” or saying, “These offenders will be treated differently if they are corporate offenders,” for example—many countries do report tax offences by companies—was not even possible because of the underlying legislation. There is a sense that that sort of attitude slightly pervades some of this. Again, I am extremely in favour of the Government being more  effective and efficient and using information sharing for that, but I would like the Bill to be as good as it possibly can be.
Finally, there are little things—I used to be a journalist but now I am a full-time geek—such as what is being reported? What things have been shared? How are those organisations being identified? The Government do not even have a coherent way of identifying Government Departments or non-departmental public bodies. Those sorts of things. There is a lot more that could be done to make this a genuinely effective Bill.

Thangam Debbonaire: Q  Mr Taggart, you mentioned something about its feeling like it is 10 years out of date. I want to bring us bang up to date by chucking in a Brexit question. Is there anything that the three of you could very quickly add to the discussion about what might need to be in the Bill given that we are now in Brexit? Brexit has implications for the digital economy, about which I am sure you know more than me.

Chris Taggart: I will try to be brief. One is to do with policy aspects of what happens. I believe you are hearing from the Information Commissioner later. What happens to data protection in a post-EU UK? From our perspective, the UK has generally taken a slightly different perspective on data protection from the information commissioners in some other countries and is generally taking things like public interest into account and treating paid-for and free information the same, which we welcome. We have some concerns about the general data protection regulations because of that sort of stuff and some of the stuff that is coming from the EU. There are some potential benefits, but there are also some downsides about whether people’s rights will be defended. I think the digital economy becomes much, much more important, and my position here is as an advocate of open data and the potential for open data in driving a thriving digital economy. As a digital entrepreneur, I think we are missing some significant opportunities for that. If you were to sit down today and do a digital economy Bill with the knowledge that in a couple of years we perhaps would not be part of the EU, I think we would be doing something quite different.

Paul Nowak: May I pick up the point about post-Brexit? I think there is growing political consensus that one of the implications of the decision on 23 June is that we need to think seriously about how we invest in our national infrastructure. For the TUC that goes beyond Heathrow, Hinkley, High Speed Rail. It talks to issues around, for example, high-speed broadband. It is about thinking about how this Bill would interface with, for example, announcements that might come in the autumn statement about investment in high-speed broadband. I note that the Chair of the Committee talked about the interface between rail and high-speed broadband, which is something that should be borne in mind. Again, valid points were made on Second Reading about requirements for developers to incorporate high-speed broadband into new housing developments, which is absolutely essential. I reiterate the point I made earlier about seeing this in the context of the wider approach to industrial strategy and how the digital economy can support other parts of the economy that are going to be even more important as we move forward post-Brexit.

Sarah Gold: For me, particularly looking at privacy, security and personal data, it is about the age of some of the language used in the Bill. Even talking about  data sharing feels to me like the wrong language. We should be talking about data access. Data sharing suggests duplication of databases, with data being slopped around different Departments, whereas data access suggests accessing minimum data via APIs or by using the canonical Government registers, which is an excellent project that is not mentioned in the Bill but should be.

Nigel Huddleston: Q  There is a lot in this Bill, everything from BBC regulation to child protection, the universal service obligation and making switching easier. Can each of you say what are the top two or three positive features of the Bill that you believe will be of benefit to your members, clients or, indeed, the general public?

Chris Taggart: Yes. First of all, I agree that what I would like to see is that the Government—

Nigel Huddleston: I do not think that was the question. I asked what you like about the Bill that would be of benefit to your clients or customers. It is quite long.

Chris Taggart: To be perfectly honest, we operate in the new economy in places like Canary Wharf. We are a growing company and so on. I do not think there is anything in there that is going to benefit us as a growing, innovative digital company, to be honest.

Nigel Huddleston: Q  The universal service obligation? Easier switching? None of that?

Chris Taggart: No.

Nigel Huddleston: Q  You do not think that is a benefit?

Chris Taggart: Not to us. If you are talking about whether there are benefits to the wider world and to the UK as a whole, yes, I do not have an argument, but you asked whether it is of any direct benefit to us and I said no. There are plenty of things I could put into the Bill that would be of benefit and would be very simple to implement and so on, but in terms of measures in the Bill that would be a direct benefit to us and to the thousands of innovative digital companies in the UK that are making a difference to things like open data and financial services and solving real world problems and so on? Maybe it was not the intention for it to do that, and it does not.

A clear answer.

Paul Nowak: If I could start on a positive and then give you a couple of areas where I think the Bill could be strengthened, the universal service obligation is something we would support. I note the discussion on Second Reading that 10 megabits per second is just a starting point. If you want a digital economy that is fit for the future you need to go well beyond that, but the universal service obligation is welcome. Some of the points in clause 4 are important, in terms of protections for musicians and other creative performers. Useful suggestions were made on Second Reading about how some of those provisions could be strengthened, such as ensuring online providers are accountable for any illegal pirated materials that they host and making sure the Government are prepared to step in if voluntary approaches to  those sorts of issues fail. That would be a positive set  of issues.
I have concerns about the interface between the Bill and the BBC. I know that the NUJ—which is one of our affiliates—is particularly concerned about the role of Ofcom as a potential regulator of the BBC. I am particularly concerned about the BBC taking on responsibility for TV licences for over-75s, not just in terms of the budgetary implications for the BBC but in terms of the BBC effectively taking responsibility for a key part of our social security system.
There are some positives, and the one I would draw out first and foremost is the universal service obligation. No matter what job someone does or where they live, having access to decent high-speed broadband is increasingly essential.

Sarah Gold: I agree with the overall sentiment of the Bill—that having better access to data and to the right infrastructure can lead to better services and a more open society. One of the details I think is good is the significant consequences for individuals should they be part of data misuse. That is really necessary and I see that as a positive step.

Drew Hendry: Q  Sarah Gold has given us a really good example of how we could approach terms and conditions in a different way. As somebody who actually went through the Apple iPad terms and conditions three days ago I can tell you it is a mind-numbing experience, so I have great sympathy with that view. What examples can we take into account from other countries that are dealing with these issues as the Bill goes forward? My question for Paul Nowak is what is required to protect workers’ rights with the onset of new, disruptive technologies?

Sarah Gold: In terms of other countries, that is not something I am an expert in. I know that Estonia’s e-citizenship cards can be used as a form of identity across many services, which is certainly helpful. There is an emerging question about what forms of identity individuals, particularly those who are less affluent, will be able to access. That is increasingly becoming a design problem. My work and work at projects by IF is more focused at the moment on UK-based companies and how they approach different forms of consent. We are thinking about privacy through a design lens. We are thinking about the minimum viable data that a service needs to operate and how we can display information in a simple, readable way so people can understand what they are giving away and why, and also get back shared insights. I can speak about some of the emerging trends in technology, such as general transparency and certificate of transparency, which I think have very interesting applications, and about how we can begin to see better forms of consent and permissions across the services. Unfortunately, I am not an expert on other countries.

Thank you. Mr Nowak is an expert, I am sure.

Paul Nowak: I have maybe three things to say. First, going back to the point I made before, we should absolutely clarify some of the issues about employment status. I do not think it is acceptable that a multinational corporation can hide behind an app or say, “You’re employed by an algorithm.” It needs to be recognised that it does not matter whether you are getting your work via an app; you are still an employee. If you were a  small building contractor, you could not get away with claiming that the person who works for you day in and day out is an independent contractor. HMRC would be down on you like a ton of bricks. I think you need to tackle those issues.
There is a set of issues about what I call sectoral approaches. We know that these new disruptive technologies have an impact across whole sectors. I mentioned parcels delivery. It is no longer the default that the man or woman who delivers your parcel is directly employed by Royal Mail and drives a Royal Mail vehicle. They could be “self-employed” and driving their own vehicle. They may be doing two or three different jobs. There is an argument that we should be thinking about how we bring together players right across a sector at the sectoral level, involving employers, new entrants, trade unions, the Government and others, to think about issues to do with not just employment regulation but skills.
I think it flags up a set of interesting issues about having an employee voice at every level. It is very welcome that the Prime Minister has raised the issue of workers on boards. I think that the value of having an employee voice from the shop floor all the way up is important. I note that, on Second Reading, Huw Merriman made the point that the BBC is a good place to start—the new BBC board can have employee representation. Ensuring that there is an effective employee voice, by whatever means somebody is employed, is important. Crucially, that is about social partnership and dialogue, and engaging workers and unions in thinking about what the best form of that employee voice is and how we ensure that people are not exploited in a particular sector.

Chris Taggart: To pick up on something that Sarah said, the truth is that we live in a data world these days. We cannot move from one side of the street to the other without interacting with data. Everything we do—every phone call we make, every website we visit, every time we use a smartphone—is about interacting with data. Unfortunately, individual citizens are increasingly the products—the data—so we really need to be thinking about what citizens’ rights look like in a data-centric world in which the data could be held anywhere.
It is about not just the legal rights, but the effective rights. One of the things that companies such as Google are doing is disintermediating. Sometimes you may have local monopolies, but you may end up with one global monopoly. Who owns the information from smart meters, and so on? The person who pays the electricity bill, the electricity company, the Government or some third party that can see when you turned on the lights, when you went to bed and those sorts of thing? We really need to be thinking about what rights, abilities and agency comes with being a citizen in the modern world. I think that means having access to the data we need—official registers—and licences that actually work for us, and having a critical eye on some of the emerging global power structures of data.

Paul Nowak: That point about data throws up some profound questions for the employer-employee relationship. For example, it is entirely reasonable for TfL to want to know where their buses are at any given moment of the day or night, but it is less reasonable for an employer to access information about whether or not I turn on my phone at seven o’clock or eight o’clock, or about where I might happen to be outside normal working hours.  That speaks to the need for the Government to think about how you facilitate and encourage employers and employees to reach reasonable agreement about the use of data. What is the line? It is going to be different in different sectors and different jobs, but the important thing is that there is a shared understanding of what data are collected, what they are used for and how they might be used. I suspect that in a lot of workplaces that is just not a live conversation.

Sarah Gold: Also, who in the workplace has permission to access that information? That is certainly not clear on the face of the Bill, which suggests that any sharing between civil servants would be okay. That really makes me feel quite scared.

Thank you. We have two more questioners: Nigel Adams followed by Louise Haigh.

Nigel Adams: Q  Mr Nowak, you alluded earlier to the element of the Bill that you support and referred to musicians. The Bill is trying to bring in measures that would equalise the measures for copyright theft. That is a really good thing to try, and the Musicians Union is very supportive of that measure. Is there anything else that you think would strengthen the Bill in terms of protecting rights holders? We have a huge problem in this country of content creators—rights holders—not getting rewarded because their work is put online illegally. There is quite a bit of work that the tech companies could be doing, but how do you think we could strengthen this area to protect many of your members?

Paul Nowak: I reiterate the points that I made before, but perhaps I can also make an offer. That is certainly an issue on which our Federation of Entertainment Unions—including the Musicians’ Union, the National Union of Journalists, the Broadcasting, Entertainment, Cinematograph and Theatre Union and Equity—would welcome the opportunity for further engagement with the Committee, and we could certainly provide more written information.
First of all, though, we should ensure that online providers are held accountable for any material outside of copyright that they host online. The second point that I made before is that if there is no voluntary, agreed way forward, the Government should be prepared to introduce a code of practice. If you are a musician, the online world and the emerging digital economy clearly throws up all sorts of opportunities, but there is also a real risk. It is not about the creation of a piece of work over three or four minutes; the hours, the days, the weeks that went into the creation of that piece of work could quite easily be dissipated and lost, and somebody else is profiting from the input you have made. It is not an area in which I am an expert, but our entertainment unions would certainly wish to give more evidence.

Nigel Adams: Q  That is useful. It is not only about musicians; there are also the people who create content, such as authors, artists and writers.

Paul Nowak: For your information, the latest TUC affiliate is the Artists’ Union England, which represents visual artists. We represent people right across the creative industries, including the musicians, the Writers’ Guild of Great Britain, Equity, which represents actors, and, as I say, visual artists. We would be happy to feed in more information directly from those unions.

Louise Haigh: Q  Thinking about algorithms beyond the workplace, we know that Uber, for example, will charge more if your battery is low. Having worked for an insurer before I was elected, I know that the amount of data that is available to insurers to set prices would make your hair curl. How much transparency should there be around the algorithms that companies use to set prices, while protecting the intellectual property of those algorithms?

Chris Taggart: That is a fantastic question, and it comes to the heart of our ability to understand our world and influence it. I take quite strong, almost like democratic first principles with this: you need to be able to understand the world and have the ability to understand the world, and then to be able to influence it. That is what democracy is about. If we do not understand the world—if we do not understand that we are being given this particular news story in this particular way; that we are being given this particular price; that we are being influenced to walk down this street rather than that street in order to do this—then we really do not have that possibility. A question that is not asked often enough but that is starting to be asked more in academic circles is: what are the algorithms on which our lives depend? If we do not understand that we are being driven by algorithms, still less what those algorithms are, how do we have agency? How do we have free will, if you like? I think it is a really important question.
I think that increasingly we will see that we need transparency around that, and that with transparency there is always the ability for there to be negative downsides. You could argue that, by having courts open, people can just walk in off the street and see that this person over there is being prosecuted; some neighbour, or whatever. But if we are not starting to ask those sorts of questions and staring to come up with some informed answers, we will be in a world where we have lost the ability to ask those sorts of questions.

Paul Nowak: I am not particularly well versed in this area, but I suppose that it is a little bit like the terms and conditions question. You could provide so much transparency that it would give the illusion of people being informed, and I think what you want to do is to allow people to understand what are the potential implications of those algorithms. So, if you are using Uber you know that if there is a spike in demand or a lack of supply, you are likely to pay more, and what the implications of that might be, and what the parameters of that are. I do not think that means that Uber needs to make all of its software open source—frankly, that would mean nothing to me—but I want to know when I get in what the fair contractual exchange is between me and the company that is providing the service.

Sarah Gold: I am very well versed in this area but I have very little time to talk about it, which is very frustrating. However, I think that looking at how individuals can question algorithms is very important; I agree with both of your comments. Particularly in GDPR, there is a clear piece that is about people being able to question automated decisions that are made about them.
As a design problem, that is really fascinating. For instance, if you think about when you buy flights on browsers, I think that everyone has probably seen that when you go back to book the flight again, your IP address   has been tracked, you are a cookie, and so you see the same flight booked for—it costs you more. So you go into kind of incognito mode to check that.
What I am quite interested in at the moment is that sort of incognito testing of algorithms, so that you can see how your inputs might change an output. In the context of Uber and insurance, I am very interested in this emergence of insurance for, say, a single day of driving or for a particular route, and being insured—say, it costs you far more to go down the M1 than just the A1. And you should be able to understand why that decision has been made about you, because it has a significant consequence for your life.
However, that comes down to the quality of the training data, too, and that comes back to some of the terms of the Bill—we should be working towards greater data minimisation, I think, and also the ability for people to be able to audit not only those data, to correct those when they go wrong, but to provide an audit of data access. While it may not mean everything to all of us, because not all of us are developers, I think that for those individuals who are able to scrutinise the code and check for digital rights management or security vulnerabilities, or biases in data sets, that information is really crucial, because it is those individuals who are our greatest defence against data misuse or fraud.

Thank you very much indeed; that is a high note on which to conclude. I thank our three witnesses for your evidence. We may now release you and we will call our final two witnesses for the afternoon to come forward.

Examination of Witnesses

Professor Sir Charles Bean and Hetan Shah gave evidence.

Welcome to our two final witnesses today; I am sure you will keep us on our toes in our final session. Could you please introduce yourselves for the record?

Hetan Shah: I am Hetan Shah, Executive Director of the Royal Statistical Society.

Professor Sir Charles Bean: Charlie Bean, London School of Economics and soon to be Office for Budget Responsibility.

Louise Haigh: Q  We have heard from witnesses today about a lot of the negatives and potential pitfalls of data sharing across Government. I have nothing against the Government’s intentions here, but do you share the concerns of previous witnesses about the lack of safeguards for privacy in part 5 of the Bill?

Professor Sir Charles Bean: You will have to excuse me; since I was not here for your earlier discussions, I am obviously not aware of what earlier witnesses have said and what their reservations are. My interest obviously is in the use of the information for statistical purposes. It is important that there is a clear and well understood framework that governs that, and there clearly need to be limitations around it.
I have to say that I think the current version of the Bill strikes a reasonably sensible balance, but there are bits that will clearly need to be filled in. The Office for  National Statistics will need to spell out a set of principles that govern the way it will access administrative data, and so forth.

Louise Haigh: Q  Do you think there is any framework in part 5 around the sharing of data?

Professor Sir Charles Bean: Sorry—

Louise Haigh: You said you are satisfied that it strikes the right balance. Do you believe there is any framework in terms of the principles for data sharing in part 5?

Professor Sir Charles Bean: By “appropriate balance”, I mean in terms of the statistical authority having in-principle access to the administrative data that it needs to do its work, subject to certain limitations.

Louise Haigh: Q  Do you believe there should be transparency for—

Professor Sir Charles Bean: I certainly believe in transparency. I am a big fan of transparency. Anyone who has worked at the Bank of England would like transparency.

Hetan Shah: May I come in and build on this? Privacy is absolutely critical to maintaining public trust, and in a sense we think the Bill has missed a trick here. On the research side, the framework is embedded on the face of the Bill. In our view, the ONS has a very good track record—it has maintained 200 years of census data, it has the best transparency, it publishes all the usage of the data and it has already criminalised the proceedings of misuse of data—but that has not been put on the face of the Bill. A tremendous amount could be done to reassure by taking what is already good practice and putting it on the face of the Bill, and I think that will answer the issue for the statistics and research purposes.

Louise Haigh: Q  My full question was not, “Do you believe in transparency?” It was going to be: do you believe in transparency in terms of how citizens’ data will be shared with the Government and between Government agencies? That principle, as you say, is not only not on the face of the Bill but not anywhere in the Bill. We have been asked by the Government to rely on codes of practice that have not even been drafted yet.

Professor Sir Charles Bean: I agree that transparency about the principles that will govern sharing of information makes a lot of sense.

Louise Haigh: Q  As you say, Mr Shah, for Government data sharing to work requires public trust, and digital government and the use of your statistics absolutely requires trust that the Government will handle data with due purpose and cause.

Hetan Shah: Another thing is that the UK Statistics Authority is directly accountable to Parliament, not the Government. That actually makes the statistics and research strand more accountable compared with other parts of the Bill. I remind you of that, which is very important.

Matthew Hancock: Q  I would be interested if you could explain and put on the record some of the consequences you see of having this Bill and the underlying secondary legislation on the statute book. What impact will that have on the areas in which you are experts?

Professor Sir Charles Bean: The key thing is that it greatly improves the gateways that enable the Office for National Statistics to use administrative data—tax data and the like—in the construction of official economic statistics. We are well off the pace compared with many other countries. Scandinavian countries, Canada, the Irish and the Dutch make very heavy reliance on administrative data and only use surveys to fill in the gaps. Here, the Office for National Statistics is essentially an organisation that turns the handle, sending out 1.5 million paper forms a year and processing those. Essentially, you are acquiring the same information again that you have already got in some other part of the public sector, where the information is being collected for other purposes.
The key gains here I see as twofold. First, because you access something close to the universe of the sample population rather than just a subset, which would normally be the case with a survey, you potentially get more accurate information. It is potentially also more timely, which for economic policy purposes is important.
The other side of the coin is that by enabling you to cut back on the number of surveys you do, there is a cost gain, which I should say would probably not mainly be a gain to the ONS, because they have to do the processing of the administrative data, but a gain to the businesses and households who are currently spending time filling in forms that they would not need to do if more use was made of administrative data.

Matthew Hancock: Q  Mr Shah, what do you see as the impact of the data sharing clauses?

Hetan Shah: I completely agree with Charlie Bean that we are really in danger of being left behind compared with where other countries are on this agenda. The European statistics peer review, which happened last year, said that this was the key weakness in our statistical system. If you look at bodies like New Zealand, Finland and Canada, they all have this ability to access, so we have got to have it. We are spending £500 million on the census and you have got a lot of that data that you could be using through administrative data.
Similarly, on inflation, which is a critical economic indicator, at the moment we send out people with clipboards to take price points of 100,000 items in 140 locations around the country every month, but there is scanner data that tells you the price that people paid. This could really revolutionise. It is not statistics for statistics’ sake; it is to answer the questions that parliamentarians and policy makers have on issues about social mobility and productivity. For all these questions you are asking yourselves, we need the data. And if we are criticising the ONS about not being quick enough, we need to give them the powers to be quicker.

Chris Skidmore: Q  In terms of the provisions in the Bill on sharing data for research purposes, could you shed a bit more light on how that will benefit the wider research community? I was also wondering what the immediate priorities will need to be for the UK Statistics Authority as the accrediting body for the infrastructure provided by the research powers in the Bill.

Hetan Shah: The Bill creates a permissive power and it really streamlines what at the moment is quite a complex legal environment for researchers accessing  Government data. This makes it much clearer that if a researcher meets a set of conditions—the research is in the public interest, the researcher is accredited and it will use the research in a safe haven, as it were, and so on—they are able to access that Government data.
We gave some case studies in our evidence of research that is obvious, such as what affects winter mortality and understanding the productivity gap. Those are questions that researchers want to investigate, but they cannot get hold of the data from Government Departments. To be fair to the Government, there is concern from their side about handing over data when the legal framework is not clear enough. I think this process will really streamline that.
One caveat is that it is slightly odd that health data are out of scope. Most of the biggest concerns that researchers have are in trying to build the relationship between survey data and, often, the health outcomes in certain areas. I understand the reasoning behind this: because of care.data there were some concerns. Health is very important. Our view is that the Bill should build in the scope for health data and then allow for future legislation to say how that will be dealt with, in particular once Fiona Caldicott, the national data guardian, has consulted on her framework, which is happening right now.

Professor Sir Charles Bean: I would endorse a lot of that. I should say that in Canada, where I spent some time talking to Statistics Canada in the course of doing my review, they have exactly this model. There are clearly defined criteria under which researchers can get access, with a sort of prescribed laboratory where they can use it. I think there is something like 30 requests a year to use information, so it is quite heavily used.
Certainly when I was talking to people here during the statistics review, the issue was raised during the consultation process by people such as the Institute for Fiscal Studies, who wanted access to the microdata to be able to study the impact of tax structure on decisions and so forth. The difficulty of getting that microdata inhibited good research. I am sure the demand is there.

Chris Skidmore: Q  Several witnesses have expressed various degrees of concern about issues of privacy, whether merited or not. In terms of what is taking place in Canada, have you seen any data leaks or anything that would raise concerns about what we are pursuing?

Professor Sir Charles Bean: I am certainly not aware of any leaks or anything. They are clearly very concerned about making sure that personal information is not divulged. It is very important that the information made available is not only anonymised but cannot be reverse engineered to find out who the agent concerned might be.
If you are looking at information on companies, there may well be, if you are not very careful, information that might be reverse engineered to find out that the name of the company is probably such and such. It is very important that you have good processes to make sure that the information that is provided to researchers is sufficiently anonymised but, as I say, the Canadian experience suggests that you can do that quite happily.

Scott Mann: Q  One of the biggest contributing factors for people moving house is having access to a decent broadband signal. Have you done any statistical or economic modelling of population densities and  movement away from cities to rural areas? Is that a piece of work that you would be prepared to do to find out the economic benefits to rural areas as part of the USO?

Professor Sir Charles Bean: That is not really my territory.

Hetan Shah: Ditto. I am here to talk about the stats and research clauses. I do not know about the other bits, I am afraid.

Thangam Debbonaire: Q  You have both talked about other European countries and Canada. Forgive me for not knowing whether this is the correct term, but are we talking here about big data? Is that the term I hear bandied about? Either way, could you tell me a bit more about the benefits and outcomes in terms of policy information? Give us a bit more information about what these other countries are doing better and how their politicians are better equipped as a result.

Professor Sir Charles Bean: I think most people use the term “administrative data” to refer to large information held within the public sector that accrues as a by-product of whatever the public authority is doing. Tax information is a classic example, and it is something that is obviously potentially of use to the Office for National Statistics in constructing economic statistics. Big data is a wider concept that embraces the vast range of information that is generated by various sorts of private sector organisations, which includes the scanner data that Hetan mentioned. It is the sort of information that is generated by the likes of Google and phone companies. Big data is much broader.
There is a question about the extent to which you can use big data in the construction of official statistics. I think there are two obvious areas that you might want to exploit. One is scanner data for constructive price indices, which Hetan has already mentioned. The other area where I could see private sector big data being of considerable use is on payment information—information from payments processors and payments providers.
Of course, there is a vast amount of other information that is generated by the private sector. Some of that information might be useful for shedding light on new puzzles or new phenomena in the economy. One might want to be a little bit wary about relying on them to build the regular official statistics because you cannot be sure they are always going to be there, whereas you will probably have a reasonable presumption that the payments information and scanner data will continue to be available, and the Office for National Statistics could therefore use them on a regular basis.

Hetan Shah: I can give a couple of examples or case studies. One is pensions. In this country we have made quite a lot of changes in recent years around pensions policy, but it is very hard to track the impact of that. The Bill will allow for the ONS to bring together the benefits and pensions data, which are held by the DWP, the HMRC data, and also to go out to companies or to either regulatory bodies or federated bodies and get their data and bring those together so that we can see what auto-enrolment has actually meant, in terms of the amount people are putting into their pensions, and you can actually start tracking policy.
Another example is international student migrants, which is clearly a hot topic at the moment. At the moment there are Home Office data in one place, the  Higher Education Statistics Agency holding useful data in another place and there are labour market data held in a third place. You could bring all those things together to actually track the impact and the numbers and so on, which at the moment we just do not have a good handle on. Those are the sorts of things that are possible if you give your statistical office access to the aggregate data from other Departments and also some access to private sector data.

Thangam Debbonaire: Q  Is that the sort of data other countries are using in that way?

Hetan Shah: Yes, that is right. Other countries have different set-ups, as it were, but these are the sorts of puzzles they can solve because they can bring those data together in different ways.

Nigel Huddleston: Q  Mr Shah, you have partly answered my question, so I will turn to Professor Sir Charles Bean first. What kind of Government data would you personally like to get access to; what would you do with it; and how would the public benefit from your having it?

Professor Sir Charles Bean: You do not mean me personally? Presumably you mean the Office for National Statistics and the UK Statistics Authority?

Nigel Huddleston: Absolutely.

Professor Sir Charles Bean: First and foremost, I would say the tax data that HMRC holds—value-added tax, income tax and corporation tax. Value-added tax is particularly useful because it tells you something about inputs and outputs of businesses. It is potentially quite good, up-to-date, timely information on activity in the economy. I should say, when I was on the Monetary Policy Committee, we used to get informal briefings each month from the Treasury representative on what they knew about the tax receipts coming in that month, but having more detailed information about what was going on would be potentially very useful. In principle you can envisage building the national income accounts almost entirely on that sort of information if you have access to it, and you can make sure that the income-outcome expenditure sides are all balanced. That, as far as I am concerned, is by far and away the most significant thing.
I think it would be quite useful to bring in another dimension here about why administrative data are useful. There is obviously a lot of interest in regional issues. As it is at the moment, most regional information is collected to align with administrative areas of one sort of another, but those are not always the most natural units to be looking at for studying a phenomenon. If you think of Wales, north Wales is not actually trading with south Wales, it is trading across with Manchester and Liverpool, while south Wales is trading across with Bristol and so forth. If you want to think about the regional economics, you need things that allow you to look at those nexuses, rather than the information you might be given on the Welsh economy. If you have administrative data, with regional, locational identifiers, you can in principle aggregate the information in whatever way is best suited to the particular issue that you want to look at.
In terms of thinking about statistics for the 21st century, we need to be thinking about a framework that is actually quite fluid and flexible, rather than one in  which everything is pushed into a set of standard definitions for GDP and stuff like that, and standard regional definitions and so forth. When you have access to the underlying micro information, providing you have appropriate identifiers that you can manipulate and link, you have open to you all sorts of possibilities that we do not currently have.

Nigel Huddleston: Q  Mr Shah, do you have anything to add to that?

Hetan Shah: I have just a couple of examples. One is systemic financial risk. Post 2008, I think there was a recognition that we had focused too much on the risk for individual financial institutions and not looked at risk at a systems level. There is a possibility of doing that. The Prime Minister has indicated an interest in how the labour market is changing with the rise of zero-hours contracts and so on. Using a mixture of administrative and private sector data would allow us to start to get a handle on how the economy is changing.

We have two questioners left: Louise Haigh and then Claire Perry.

Louise Haigh: Q  Mr Shah, you keep mentioning access to data, but the problem we heard earlier is that the Bill talks not about access to data but about data sharing, which implies duplication. We should really be moving towards data minimisation. Do you think that the language of the Bill should reflect access to data, rather than data sharing?

Hetan Shah: My view is that for the clauses on statistics and research the Bill is pretty clear that it is about data access.

Louise Haigh: Q  It discusses the transfer of data. It does not talk about your accessing data. It does not mention the technology through which you would do it. There are no codes of practice alongside how it would happen. It is very broad and explicitly talks about data sharing in certain areas.

Hetan Shah: I think I said this earlier, but in case I was not clear I shall repeat it. For statistical and research purposes, statisticians and researchers are interested only in aggregates; they are not interested in us as individuals. It is a key point that the relevant clauses are quite different from some of the other parts of the Bill. Others have indicated in their evidence that this area should be seen as slightly different.
It is also worth noting that there are safeguards that have been tried and tested over many years. There is the security surrounding the data—the ONS will not even let me into the vault where they hold the data. You need to be accredited and to sign something saying that you will not misuse the data. If you do, you will go to jail. The trick that has been missed has been not saying all that, because it is almost assumed that that is how the ONS works. My suggestion is that if you want to strengthen that part of the Bill, you should just lay out the safeguards that are already common practice in the ONS.

Claire Perry: Q  Thank you both for setting out some very factual and helpful arguments as to why the provisions are a good thing, particularly when it comes  to aggregate statistics. I was struck by a quote in your report published in March, Professor Sir Charles. You mentioned the
“cumbersome nature of the present legal framework”,
which the Bill will clearly help to solve, and you also said that there was a
“cultural reluctance on the part of some departments and officials to data sharing”
and, in many ways, to working together, as we know from experience. How do we solve that problem and get Departments to realise how helpful some of these datasets might be?

Professor Sir Charles Bean: A key thing about the Bill is that it shifts the onus of presumption. There is a presumption of access unless there is a good reason not to comply or explain, if you like, as opposed to the current arrangement, which is that the data owner has the data and you say, “Can you please let us have a look at it?” There is civil service caution. I was a civil servant very early on in my career, so I am aware of how civil servants think. Inevitably, you are always worried about something going wrong or being misused or whatever. That plays into this, as well.
In the review I said there are really three elements and I think they are mutually reinforcing. There is the current legal framework, which is not as conducive as it could be; there is this innate caution on the part of some civil service Departments, or even perhaps on the part of their Ministers on occasion; and then the ONS has not been as pushy as it might have been. It is partly that if you know it is very difficult to get in—people are not very co-operative at the other end and the legal frameworks are very cumbersome—you are less inclined to put the effort in, and you think, “Oh, well, let’s just use the surveys, as we’ve always done.” So I think you need to act on the three things together, but they are potentially mutually reinforcing if you get the change right.

Hetan Shah: This is one area where I think the Bill could be strengthened. At the moment, the ONS has the right to request data; similarly, the researchers have the right to request data. The Department can still say, “No”, and in a sense the only comeback is that there is a sort of name-and-shame element of, “Parliament will note this”, as it were. My worry, given the cultural problems that have been seen in the past, is that that may not be enough. So why do we not do what Canada does? It just says, “The ONS requests”, and the Department gives.

Claire Perry: Q  It is a presumption in favour of sharing?

Hetan Shah: Yes, precisely. Similarly, with research you could have the same situation where, as long as the researcher meets the code of practice this required, the presumption would be in favour.

Thank you. Chris Skidmore has just caught my eye for a final quick question.

Claire Perry: Q  Professor Bean, in terms of the current legal framework and the problems with it as it exists, am I right in saying that there is an issue with legislation that was passed in the previous Government, under Gordon Brown’s premiership, that caps the use of data and research material, and which needs to be addressed quite urgently?

Professor Sir Charles Bean: Yes, I think it does need to be addressed. The existing Act was introduced with the intention of trying to improve the ability to share data, but it just has not operated in the way that people maybe hoped it would. In practice, having talked to the ONS and other Departments, it sounds like an extremely cumbersome process. So I think this is a case where the original legislation may have been well intentioned, but—

Claire Perry: Q  Will there be a problem even with accessing some datasets after a certain point in time—?

Professor Sir Charles Bean: There is a point after 2007, yes. You have to specifically write into the legislation that, in principle, the information can be shared, yes, whereas these information-sharing orders—

Claire Perry: Q  So that is creating a real problem in the infrastructure that needs to be addressed?

Professor Sir Charles Bean: Yes.

Thank you, colleagues. Thank you very much indeed to our final two witnesses; you gave very clear and expert answers. Thank you; it is much appreciated.

Ordered, That further consideration be now adjourned. —(Graham Stuart.)

Adjourned till Thursday 13 October at half past Eleven o’clock.

Written evidence reported to the House

DEB 01 Christian Action Research and Education (CARE)
DEB 02 The Royal Statistical Society
DEB 03 Compact Media Group
DEB 04 Dr Jerry Fishenden, Co-Chair, Cabinet Office Privacy and Consumer Advisory Group
DEB 05 Electrical Safety First
DEB 06 Good Stuff Limited
DEB 07 Action on Hearing Loss
DEB 08 medConfidential
DEB 09 TalkTalk plc
DEB 10 Big Brother Watch
DEB 11 National Trust
DEB 12 Citizens Advice
DEB 13 Open Rights Group
DEB 15 Three: Submission on Consumer Issues
DEB 16 Three: Submission on Rural Coverage
DEB 17 Country Land and Business Association (CLA)
DEB 18 Children’s Charities’ Coalition on Internet Safety
DEB 19 Co-operative Group